Обсуждение: md5 and trust and pg_hba.conf
Hi,
Question on pg_hba.conf. I have these entries:
host all psgdba localhost trust
host all psgdba 127.0.0.1/32 trust
host all gd07 localhost trust
host all gd07 127.0.0.1/32 trust
Command to logon to Postgres:
/usr/pgsql-9.3/bin/psql -d postgres
If I am logged on ‘gd07’ at the server , it lets me log-on to Postgres without prompting for password
If I am logged on as ‘psgdba’, it prompts for password.
As you can see, both have ‘trust’, but ‘gd07’ is the instance owner.
Why does ‘psgdba’ prompts? What I am missing?
Your help would be much appreciated.
Thanks.
Maria
Hi,
Question on pg_hba.conf. I have these entries:
host all psgdba localhost trust
host all psgdba 127.0.0.1/32 trust
host all gd07 localhost trust
host all gd07 127.0.0.1/32 trust
Command to logon to Postgres:
/usr/pgsql-9.3/bin/psql -d postgres
If I am logged on ‘gd07’ at the server , it lets me log-on to Postgres without prompting for password
If I am logged on as ‘psgdba’, it prompts for password.
As you can see, both have ‘trust’, but ‘gd07’ is the instance owner.
Why does ‘psgdba’ prompts? What I am missing?
Your help would be much appreciated.
Thanks.
Maria
Sameer Kumar | Senior Solution Architect
ASHNIK PTE. LTD.
36 Robinson Road, #14-04 City House, Singapore 068877
T: +65 6438 3504 | www.ashnik.com
Skype: sameer.ashnik | M: +65 8110 0350
Hi,
Question on pg_hba.conf. I have these entries:
host all psgdba localhost trust
host all psgdba 127.0.0.1/32 trust
host all gd07 localhost trust
host all gd07 127.0.0.1/32 trust
Command to logon to Postgres:
/usr/pgsql-9.3/bin/psql -d postgres
If I am logged on ‘gd07’ at the server , it lets me log-on to Postgres without prompting for password
If I am logged on as ‘psgdba’, it prompts for password.
As you can see, both have ‘trust’, but ‘gd07’ is the instance owner.
Why does ‘psgdba’ prompts? What I am missing?
Your help would be much appreciated.
Thanks.
Maria
Sameer Kumar | Senior Solution Architect
ASHNIK PTE. LTD.
36 Robinson Road, #14-04 City House, Singapore 068877
T: +65 6438 3504 | www.ashnik.com
Skype: sameer.ashnik | M: +65 8110 0350
Both have PGHOST set. gd07 has a .pgpass, but psgdba does not. Does it still need a .pgpass even if it is already ‘trust’?
Thanks.
Maria A Rossi
Database Administration
Jackson National Life
email: maria.rossi@jackson.com
cell phone: 517.256.4392
work phone: 517.367.3099
work phone extension: 23099
From: Sameer Kumar <sameer.kumar@ashnik.com>
Sent: Monday, September 10, 2018 10:55 AM
To: Rossi, Maria <maria.rossi@jackson.com>
Cc: pgsql-sql@lists.postgresql.org; pgsql-novice@lists.postgresql.org
Subject: Re: md5 and trust and pg_hba.conf
EXTERNAL EMAIL
On Mon, Sep 10, 2018 at 10:46 PM Rossi, Maria <maria.rossi@jackson.com> wrote:
Hi,
Question on pg_hba.conf. I have these entries:
host all psgdba localhost trust
host all psgdba 127.0.0.1/32 trust
host all gd07 localhost trust
host all gd07 127.0.0.1/32 trust
Can you post the whole of pg_hba.conf file?
You might have some other entry that is taking precedence.
Command to logon to Postgres:
/usr/pgsql-9.3/bin/psql -d postgres
If you don't have PGHOST set then most likely you are not going over a tcp connection (which is what host entries in pg_hba are used for). Instead the local entries of pg_hba are taking effect.
If I am logged on ‘gd07’ at the server , it lets me log-on to Postgres without prompting for password
do you have a *.pgpass* file in the home directory?
If I am logged on as ‘psgdba’, it prompts for password.
As you can see, both have ‘trust’, but ‘gd07’ is the instance owner.
Why does ‘psgdba’ prompts? What I am missing?
Your help would be much appreciated.
Thanks.
Maria
--
--
Best Regards,
Sameer Kumar | Senior Solution Architect
ASHNIK PTE. LTD.
36 Robinson Road, #14-04 City House, Singapore 068877
T: +65 6438 3504 | www.ashnik.com
Skype: sameer.ashnik | M: +65 8110 0350
Вложения
Both have PGHOST set. gd07 has a .pgpass, but psgdba does not. Does it still need a .pgpass even if it is already ‘trust’?
Thanks.
Maria A Rossi
Database Administration
Jackson National Life
email: maria.rossi@jackson.com
cell phone: 517.256.4392
work phone: 517.367.3099
work phone extension: 23099
From: Sameer Kumar <sameer.kumar@ashnik.com>
Sent: Monday, September 10, 2018 10:55 AM
To: Rossi, Maria <maria.rossi@jackson.com>
Cc: pgsql-sql@lists.postgresql.org; pgsql-novice@lists.postgresql.org
Subject: Re: md5 and trust and pg_hba.conf
EXTERNAL EMAIL
On Mon, Sep 10, 2018 at 10:46 PM Rossi, Maria <maria.rossi@jackson.com> wrote:
Hi,
Question on pg_hba.conf. I have these entries:
host all psgdba localhost trust
host all psgdba 127.0.0.1/32 trust
host all gd07 localhost trust
host all gd07 127.0.0.1/32 trust
Can you post the whole of pg_hba.conf file?
You might have some other entry that is taking precedence.
Command to logon to Postgres:
/usr/pgsql-9.3/bin/psql -d postgres
If you don't have PGHOST set then most likely you are not going over a tcp connection (which is what host entries in pg_hba are used for). Instead the local entries of pg_hba are taking effect.
If I am logged on ‘gd07’ at the server , it lets me log-on to Postgres without prompting for password
do you have a *.pgpass* file in the home directory?
If I am logged on as ‘psgdba’, it prompts for password.
As you can see, both have ‘trust’, but ‘gd07’ is the instance owner.
Why does ‘psgdba’ prompts? What I am missing?
Your help would be much appreciated.
Thanks.
Maria
--
--
Best Regards,
Sameer Kumar | Senior Solution Architect
ASHNIK PTE. LTD.
36 Robinson Road, #14-04 City House, Singapore 068877
T: +65 6438 3504 | www.ashnik.com
Skype: sameer.ashnik | M: +65 8110 0350
Вложения
Both have PGHOST set. gd07 has a .pgpass, but psgdba does not.
Does it still need a .pgpass even if it is already ‘trust’?
Thanks.
Maria A Rossi
Database Administration
Jackson National Life
email: maria.rossi@jackson.com
cell phone: 517.256.4392work phone: 517.367.3099
work phone extension: 23099
From: Sameer Kumar <sameer.kumar@ashnik.com>
Sent: Monday, September 10, 2018 10:55 AM
To: Rossi, Maria <maria.rossi@jackson.com>
Cc: pgsql-sql@lists.postgresql.org; pgsql-novice@lists.postgresql.org
Subject: Re: md5 and trust and pg_hba.conf
EXTERNAL EMAIL
On Mon, Sep 10, 2018 at 10:46 PM Rossi, Maria <maria.rossi@jackson.com> wrote:
Hi,
Question on pg_hba.conf. I have these entries:
host all psgdba localhost trust
host all psgdba 127.0.0.1/32 trust
host all gd07 localhost trust
host all gd07 127.0.0.1/32 trust
Can you post the whole of pg_hba.conf file?
You might have some other entry that is taking precedence.
Command to logon to Postgres:
/usr/pgsql-9.3/bin/psql -d postgres
If you don't have PGHOST set then most likely you are not going over a tcp connection (which is what host entries in pg_hba are used for). Instead the local entries of pg_hba are taking effect.
If I am logged on ‘gd07’ at the server , it lets me log-on to Postgres without prompting for password
do you have a *.pgpass* file in the home directory?
If I am logged on as ‘psgdba’, it prompts for password.
As you can see, both have ‘trust’, but ‘gd07’ is the instance owner.
Why does ‘psgdba’ prompts? What I am missing?
Your help would be much appreciated.
Thanks.
Maria
--
--
Best Regards,
Sameer Kumar | Senior Solution Architect
ASHNIK PTE. LTD.
36 Robinson Road, #14-04 City House, Singapore 068877
T: +65 6438 3504 | www.ashnik.com
Skype: sameer.ashnik | M: +65 8110 0350
Sameer Kumar | Senior Solution Architect
ASHNIK PTE. LTD.
36 Robinson Road, #14-04 City House, Singapore 068877
T: +65 6438 3504 | www.ashnik.com
Skype: sameer.ashnik | M: +65 8110 0350
Вложения
Both have PGHOST set. gd07 has a .pgpass, but psgdba does not.
Does it still need a .pgpass even if it is already ‘trust’?
Thanks.
Maria A Rossi
Database Administration
Jackson National Life
email: maria.rossi@jackson.com
cell phone: 517.256.4392work phone: 517.367.3099
work phone extension: 23099
From: Sameer Kumar <sameer.kumar@ashnik.com>
Sent: Monday, September 10, 2018 10:55 AM
To: Rossi, Maria <maria.rossi@jackson.com>
Cc: pgsql-sql@lists.postgresql.org; pgsql-novice@lists.postgresql.org
Subject: Re: md5 and trust and pg_hba.conf
EXTERNAL EMAIL
On Mon, Sep 10, 2018 at 10:46 PM Rossi, Maria <maria.rossi@jackson.com> wrote:
Hi,
Question on pg_hba.conf. I have these entries:
host all psgdba localhost trust
host all psgdba 127.0.0.1/32 trust
host all gd07 localhost trust
host all gd07 127.0.0.1/32 trust
Can you post the whole of pg_hba.conf file?
You might have some other entry that is taking precedence.
Command to logon to Postgres:
/usr/pgsql-9.3/bin/psql -d postgres
If you don't have PGHOST set then most likely you are not going over a tcp connection (which is what host entries in pg_hba are used for). Instead the local entries of pg_hba are taking effect.
If I am logged on ‘gd07’ at the server , it lets me log-on to Postgres without prompting for password
do you have a *.pgpass* file in the home directory?
If I am logged on as ‘psgdba’, it prompts for password.
As you can see, both have ‘trust’, but ‘gd07’ is the instance owner.
Why does ‘psgdba’ prompts? What I am missing?
Your help would be much appreciated.
Thanks.
Maria
--
--
Best Regards,
Sameer Kumar | Senior Solution Architect
ASHNIK PTE. LTD.
36 Robinson Road, #14-04 City House, Singapore 068877
T: +65 6438 3504 | www.ashnik.com
Skype: sameer.ashnik | M: +65 8110 0350
Sameer Kumar | Senior Solution Architect
ASHNIK PTE. LTD.
36 Robinson Road, #14-04 City House, Singapore 068877
T: +65 6438 3504 | www.ashnik.com
Skype: sameer.ashnik | M: +65 8110 0350
Вложения
It goes through pg_hba.conf <in order>. So do you have other lines above these lines that would match a local connection,but have md5, or one of the other authentication methods set? Since you mentioned gd07 has a pgpass file then I don't think it's a case of the pg_hba line being right for gd07 and wrongfor psgdba, I think they're both "wrong" in that a previous line is being used which prompts for a password, and sincegd07 has a password stored, then it uses that and winds up connected ok in the end. From: Rossi, Maria [mailto:maria.rossi@jackson.com] Sent: Monday, September 10, 2018 10:46 AM To: 'pgsql-sql@lists.postgresql.org'; 'pgsql-novice@lists.postgresql.org' Subject: md5 and trust and pg_hba.conf Hi, Question on pg_hba.conf. I have these entries: host all psgdba localhost trust host all psgdba 127.0.0.1/32 trust host all gd07 localhost trust host all gd07 127.0.0.1/32 trust Command to logon to Postgres: /usr/pgsql-9.3/bin/psql -d postgres If I am logged on ‘gd07’ at the server , it lets me log-on to Postgres without prompting for password If I am logged on as ‘psgdba’, it prompts for password. As you can see, both have ‘trust’, but ‘gd07’ is the instance owner. Why does ‘psgdba’ prompts? What I am missing? Your help would be much appreciated. Thanks. Maria
It goes through pg_hba.conf <in order>. So do you have other lines above these lines that would match a local connection,but have md5, or one of the other authentication methods set? Since you mentioned gd07 has a pgpass file then I don't think it's a case of the pg_hba line being right for gd07 and wrongfor psgdba, I think they're both "wrong" in that a previous line is being used which prompts for a password, and sincegd07 has a password stored, then it uses that and winds up connected ok in the end. From: Rossi, Maria [mailto:maria.rossi@jackson.com] Sent: Monday, September 10, 2018 10:46 AM To: 'pgsql-sql@lists.postgresql.org'; 'pgsql-novice@lists.postgresql.org' Subject: md5 and trust and pg_hba.conf Hi, Question on pg_hba.conf. I have these entries: host all psgdba localhost trust host all psgdba 127.0.0.1/32 trust host all gd07 localhost trust host all gd07 127.0.0.1/32 trust Command to logon to Postgres: /usr/pgsql-9.3/bin/psql -d postgres If I am logged on ‘gd07’ at the server , it lets me log-on to Postgres without prompting for password If I am logged on as ‘psgdba’, it prompts for password. As you can see, both have ‘trust’, but ‘gd07’ is the instance owner. Why does ‘psgdba’ prompts? What I am missing? Your help would be much appreciated. Thanks. Maria
Hi,
I think, I got it . Thanks for pointing me to the right direction.
Here’s the correct partial pg_hba.conf
host all psgdba localhost trust
host all psgdba 127.0.0.1/32 trust
host all psgdba 10.8.88.141/32 trust
host all psgdba all md5
host all gd07 localhost trust
host all gd07 127.0.0.1/32 trust
host all gd07 10.8.88.141/32 trust
host all gd07 all md5
This line below used to be there. This is the IP of the server. I deleted it and added a ‘trust’ line for psgdba and gd07
host all all 10.8.88.141/32 md5
Works now. Thanks for your help
Sorry for hesitating to post the entire pg_hba.conf.
Thanks again.
Maria
From: Sameer Kumar <sameer.kumar@ashnik.com>
Sent: Monday, September 10, 2018 11:35 AM
To: Rossi, Maria <maria.rossi@jackson.com>
Cc: pgsql-sql@lists.postgresql.org; pgsql-novice@lists.postgresql.org
Subject: Re: md5 and trust and pg_hba.conf
EXTERNAL EMAIL
On Mon, Sep 10, 2018 at 11:22 PM Rossi, Maria <maria.rossi@jackson.com> wrote:
Both have PGHOST set. gd07 has a .pgpass, but psgdba does not.
What is it set to?
Can you post the rest of the pg_hba.conf?
Does it still need a .pgpass even if it is already ‘trust’?
It should not.
Thanks.
From: Sameer Kumar <sameer.kumar@ashnik.com>
Sent: Monday, September 10, 2018 10:55 AM
To: Rossi, Maria <maria.rossi@jackson.com>
Cc: pgsql-sql@lists.postgresql.org; pgsql-novice@lists.postgresql.org
Subject: Re: md5 and trust and pg_hba.conf
EXTERNAL EMAIL
On Mon, Sep 10, 2018 at 10:46 PM Rossi, Maria <maria.rossi@jackson.com> wrote:
Hi,
Question on pg_hba.conf. I have these entries:
host all psgdba localhost trust
host all psgdba 127.0.0.1/32 trust
host all gd07 localhost trust
host all gd07 127.0.0.1/32 trust
Can you post the whole of pg_hba.conf file?
You might have some other entry that is taking precedence.
Command to logon to Postgres:
/usr/pgsql-9.3/bin/psql -d postgres
If you don't have PGHOST set then most likely you are not going over a tcp connection (which is what host entries in pg_hba are used for). Instead the local entries of pg_hba are taking effect.
If I am logged on ‘gd07’ at the server , it lets me log-on to Postgres without prompting for password
do you have a *.pgpass* file in the home directory?
If I am logged on as ‘psgdba’, it prompts for password.
As you can see, both have ‘trust’, but ‘gd07’ is the instance owner.
Why does ‘psgdba’ prompts? What I am missing?
Your help would be much appreciated.
Thanks.
Maria
--
--
Best Regards,
Sameer Kumar | Senior Solution Architect
ASHNIK PTE. LTD.
36 Robinson Road, #14-04 City House, Singapore 068877
T: +65 6438 3504 | www.ashnik.com
Skype: sameer.ashnik | M: +65 8110 0350
--
--
Best Regards,
Sameer Kumar | Senior Solution Architect
ASHNIK PTE. LTD.
36 Robinson Road, #14-04 City House, Singapore 068877
T: +65 6438 3504 | www.ashnik.com
Skype: sameer.ashnik | M: +65 8110 0350
Вложения
Hi,
I think, I got it . Thanks for pointing me to the right direction.
Here’s the correct partial pg_hba.conf
host all psgdba localhost trust
host all psgdba 127.0.0.1/32 trust
host all psgdba 10.8.88.141/32 trust
host all psgdba all md5
host all gd07 localhost trust
host all gd07 127.0.0.1/32 trust
host all gd07 10.8.88.141/32 trust
host all gd07 all md5
This line below used to be there. This is the IP of the server. I deleted it and added a ‘trust’ line for psgdba and gd07
host all all 10.8.88.141/32 md5
Works now. Thanks for your help
Sorry for hesitating to post the entire pg_hba.conf.
Thanks again.
Maria
From: Sameer Kumar <sameer.kumar@ashnik.com>
Sent: Monday, September 10, 2018 11:35 AM
To: Rossi, Maria <maria.rossi@jackson.com>
Cc: pgsql-sql@lists.postgresql.org; pgsql-novice@lists.postgresql.org
Subject: Re: md5 and trust and pg_hba.conf
EXTERNAL EMAIL
On Mon, Sep 10, 2018 at 11:22 PM Rossi, Maria <maria.rossi@jackson.com> wrote:
Both have PGHOST set. gd07 has a .pgpass, but psgdba does not.
What is it set to?
Can you post the rest of the pg_hba.conf?
Does it still need a .pgpass even if it is already ‘trust’?
It should not.
Thanks.
From: Sameer Kumar <sameer.kumar@ashnik.com>
Sent: Monday, September 10, 2018 10:55 AM
To: Rossi, Maria <maria.rossi@jackson.com>
Cc: pgsql-sql@lists.postgresql.org; pgsql-novice@lists.postgresql.org
Subject: Re: md5 and trust and pg_hba.conf
EXTERNAL EMAIL
On Mon, Sep 10, 2018 at 10:46 PM Rossi, Maria <maria.rossi@jackson.com> wrote:
Hi,
Question on pg_hba.conf. I have these entries:
host all psgdba localhost trust
host all psgdba 127.0.0.1/32 trust
host all gd07 localhost trust
host all gd07 127.0.0.1/32 trust
Can you post the whole of pg_hba.conf file?
You might have some other entry that is taking precedence.
Command to logon to Postgres:
/usr/pgsql-9.3/bin/psql -d postgres
If you don't have PGHOST set then most likely you are not going over a tcp connection (which is what host entries in pg_hba are used for). Instead the local entries of pg_hba are taking effect.
If I am logged on ‘gd07’ at the server , it lets me log-on to Postgres without prompting for password
do you have a *.pgpass* file in the home directory?
If I am logged on as ‘psgdba’, it prompts for password.
As you can see, both have ‘trust’, but ‘gd07’ is the instance owner.
Why does ‘psgdba’ prompts? What I am missing?
Your help would be much appreciated.
Thanks.
Maria
--
--
Best Regards,
Sameer Kumar | Senior Solution Architect
ASHNIK PTE. LTD.
36 Robinson Road, #14-04 City House, Singapore 068877
T: +65 6438 3504 | www.ashnik.com
Skype: sameer.ashnik | M: +65 8110 0350
--
--
Best Regards,
Sameer Kumar | Senior Solution Architect
ASHNIK PTE. LTD.
36 Robinson Road, #14-04 City House, Singapore 068877
T: +65 6438 3504 | www.ashnik.com
Skype: sameer.ashnik | M: +65 8110 0350
Вложения
Not a problem. You're always free to remove or obscure private info when posting to a public list, especially things likeIP addresses. We just recommend leaving a note of that in case "something else here" is actually important. So you could say: Here's pg_hba.conf (names have been changed to protect the innocent): #stuff here for specific other databases I'm not trying to connect to host all all ip-of-the-server/32 md5 host all user1 ip-of-the-server/32 trust host all user1 all md5 host all user2 ip-of-the-server/32 trust host all user2 all md5 Then if we think the problem is in the redacted section we can suggest what to look for in there. From: Rossi, Maria [mailto:maria.rossi@jackson.com] Sent: Monday, September 10, 2018 3:47 PM To: 'Sameer Kumar' Cc: pgsql-sql@lists.postgresql.org; pgsql-novice@lists.postgresql.org Subject: RE: md5 and trust and pg_hba.conf Hi, I think, I got it . Thanks for pointing me to the right direction. ... Sorry for hesitating to post the entire pg_hba.conf. Thanks again. Maria
Not a problem. You're always free to remove or obscure private info when posting to a public list, especially things likeIP addresses. We just recommend leaving a note of that in case "something else here" is actually important. So you could say: Here's pg_hba.conf (names have been changed to protect the innocent): #stuff here for specific other databases I'm not trying to connect to host all all ip-of-the-server/32 md5 host all user1 ip-of-the-server/32 trust host all user1 all md5 host all user2 ip-of-the-server/32 trust host all user2 all md5 Then if we think the problem is in the redacted section we can suggest what to look for in there. From: Rossi, Maria [mailto:maria.rossi@jackson.com] Sent: Monday, September 10, 2018 3:47 PM To: 'Sameer Kumar' Cc: pgsql-sql@lists.postgresql.org; pgsql-novice@lists.postgresql.org Subject: RE: md5 and trust and pg_hba.conf Hi, I think, I got it . Thanks for pointing me to the right direction. ... Sorry for hesitating to post the entire pg_hba.conf. Thanks again. Maria