Discussion: ident authentication with named localhost

Hi,

I am having trouble with ident authentication. Everything is working fine except when specifying host for connections on the local machine.

pg_hba.conf:

    local   all   all                   ident wp
    host    all   all   10.97.8.0/24    ident wp

pg_ident.conf:

    wp   dlink      dlink
    wp   dlink      firstalert
    wp   dlink      postgres
    wp   dlink      video
    wp   postgres   postgres
    wp   wwwrun     firstalert
    wp   wwwrun     video

If the db is on mach1 and the Unix user is dlink the following works:

    dlink@mach1$ psql -d mydb -U postgres
    dlink@mach2$ psql -d mydb -U postgres -h mach1    # from remote machine

While the following does not (nor with perl DBI):

    dlink@mach1$ psql -d mydb -U postgres -h mach1
    dlink@mach1$ psql -d mydb -U postgres -h localhost
    dlink@mach1$ psql -d mydb -U postgres -h 10.97.8.244
    dlink@mach1$ psql -d mydb -U postgres -h 127.0.0.1

If I add the following to pg_hba.conf it works of course:

    host   all   all   10.97.8.244/32   trust

But this does not:

    host   all   all   10.97.8.244/32   ident wp

If I try as the postgres Unix user then it works:

    postgres@mach1$ psql -d mydb -U postgres -h mach1

We are using:

    SUSE 9 / Linux 2.6.5-7
    Postgresql 8.1
    And LDAP.

The problem might be due to how identd works on localhost with LDAP. The postgres user is found in /etc/passwd, while the dlink user is not.

Incidentally, get this, on a second machine (with same software) what's described here as not working, works intermittently. Now it worked. Now it didn't. For dlink user. Weird.

Does anyone know how I can test ident? I can telnet 10.97.8.244 113. The server port I know is 5432, but what's the client port to give?

Any and all help greatly appreciated.

Thanks.
David Link

David Link <dlink@soundscan.com> writes:
> Does anyone know how I can test ident?

I'd try sniffing the IP traffic to and from it with a packet sniffer and/or tracing the daemon's system calls with strace. Manually invoking the daemon isn't going to prove a lot, you want to watch its reaction to Postgres.

I believe some flavors of identd have debug tracing options, too ... check the man page ...

regards, tom lane

Tom Lane wrote:
> David Link <dlink@soundscan.com> writes:
>> Does anyone know how I can test ident?
>
> I'd try sniffing the IP traffic to and from it with a packet sniffer
> and/or tracing the daemon's system calls with strace. Manually invoking
> the daemon isn't going to prove a lot, you want to watch its reaction
> to Postgres.

Thanks for your suggestion. I'm new to the concept of packet sniffing and tracing. Can you suggest where I should go or what I should read to better understand this?

> I believe some flavors of identd have debug tracing options, too
> ... check the man page ...

Too bad no one else has reported this and already found an answer. Maybe I should move to md5 authentication, however I wanted to avoid having to type passwords.

Thanks,

David Link <dlink@soundscan.com> writes:
> Thanks for your suggestion. I'm new to the concept of packet sniffing
> and tracing. Can you suggest where I should go or what I should read to
> better understand this?

"man strace" ... strace is probably easier to use for this purpose than a packet sniffer, and it'll generate a more complete view of what the daemon is doing, too.

regards, tom lane
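
On the question in the first message of how to test ident by hand and which ports to give: the following is an added example, not code from any poster in this thread or from PostgreSQL. It sends the RFC 1413 query for a live connection and parses identd's reply. The function names are hypothetical, ports 5432 and 113 are the ones named in the thread, and `probe` assumes it is run on the database host itself as the Unix user being tested.

```python
import re
import socket

# RFC 1413 reply: "<port-on-server> , <port-on-client> : USERID : <opsys> : <user>"
#            or:  "<port-on-server> , <port-on-client> : ERROR : <error-type>"
_REPLY = re.compile(r"^\s*(\d+)\s*,\s*(\d+)\s*:\s*(USERID|ERROR)\s*:\s*(.*)$")

def build_query(identd_side_port, querier_side_port):
    """First number: port on the host running identd (the psql end of the
    connection). Second: port on the host asking (the PostgreSQL end)."""
    return f"{identd_side_port} , {querier_side_port}\r\n".encode("ascii")

def parse_reply(line):
    """Turn one identd reply line into a dict; never raises on bad input."""
    m = _REPLY.match(line.rstrip("\r\n"))
    if not m:
        return {"ok": False, "error": "MALFORMED"}
    ports = (int(m.group(1)), int(m.group(2)))
    if m.group(3) == "ERROR":  # e.g. NO-USER, INVALID-PORT, HIDDEN-USER
        return {"ok": False, "ports": ports, "error": m.group(4).strip()}
    opsys, sep, user = m.group(4).partition(":")
    if not sep:
        return {"ok": False, "ports": ports, "error": "MALFORMED"}
    # opsys may carry ", <charset>"; keep only the system name
    return {"ok": True, "ports": ports,
            "opsys": opsys.split(",")[0].strip(), "user": user.strip()}

def probe(host, pg_port=5432, ident_port=113, timeout=5.0):
    """Assumption: run on the database host itself, as the Unix user under test.
    Opens a throwaway TCP connection to PostgreSQL, then asks identd who owns it,
    querying from the server-side address toward the client-side address."""
    with socket.create_connection((host, pg_port), timeout=timeout) as conn:
        client_ip, client_port = conn.getsockname()[:2]
        server_ip, server_port = conn.getpeername()[:2]
        with socket.create_connection((client_ip, ident_port), timeout=timeout,
                                      source_address=(server_ip, 0)) as q:
            q.sendall(build_query(client_port, server_port))
            reply = q.makefile("r", encoding="ascii", errors="replace").readline()
    return parse_reply(reply)

if __name__ == "__main__":
    # Constructed sample replies, not captured from the machines in the thread.
    for sample in ("43210 , 5432 : USERID : UNIX : dlink\r\n",
                   "43210 , 5432 : ERROR : NO-USER\r\n"):
        print(parse_reply(sample))
```

Calling `probe("10.97.8.244")` and `probe("127.0.0.1")` on mach1, once as dlink and once as postgres, shows what identd answers in each of the failing cases. An `ERROR` reply or an unexpected user name points at identd's user lookup rather than at the pg_hba.conf or pg_ident.conf entries.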