Обсуждение: md5 and trust and pg_hba.conf

It goes through pg_hba.conf <in order>. So do you have other lines above these lines that would match a local
connection,but have md5, or one of the other authentication methods set?
 

Since you mentioned gd07 has a pgpass file then I don't think it's a case of the pg_hba line being right for gd07 and
wrongfor psgdba, I think they're both "wrong" in that a previous line is being used which prompts for a password, and
sincegd07 has a password stored, then it uses that and winds up connected ok in the end.
 


From: Rossi, Maria [mailto:maria.rossi@jackson.com] 
Sent: Monday, September 10, 2018 10:46 AM
To: 'pgsql-sql@lists.postgresql.org'; 'pgsql-novice@lists.postgresql.org'
Subject: md5 and trust and pg_hba.conf

Hi,

Question on pg_hba.conf.  I have these entries:

host    all             psgdba           localhost           trust
host    all             psgdba           127.0.0.1/32            trust
host    all             gd07           localhost                trust
host    all             gd07            127.0.0.1/32           trust


Command to logon to Postgres:
/usr/pgsql-9.3/bin/psql -d postgres

If I am logged on ‘gd07’  at the server , it lets me log-on to Postgres without prompting for password
If I am logged on as ‘psgdba’, it prompts for password.
As you can see, both have ‘trust’, but ‘gd07’ is the instance owner.

Why does ‘psgdba’ prompts?  What I am missing?
Your help would be much appreciated.

Thanks.
Maria

It goes through pg_hba.conf <in order>. So do you have other lines above these lines that would match a local
connection,but have md5, or one of the other authentication methods set?
 

Since you mentioned gd07 has a pgpass file then I don't think it's a case of the pg_hba line being right for gd07 and
wrongfor psgdba, I think they're both "wrong" in that a previous line is being used which prompts for a password, and
sincegd07 has a password stored, then it uses that and winds up connected ok in the end.
 


From: Rossi, Maria [mailto:maria.rossi@jackson.com] 
Sent: Monday, September 10, 2018 10:46 AM
To: 'pgsql-sql@lists.postgresql.org'; 'pgsql-novice@lists.postgresql.org'
Subject: md5 and trust and pg_hba.conf

Hi,

Question on pg_hba.conf.  I have these entries:

host    all             psgdba           localhost           trust
host    all             psgdba           127.0.0.1/32            trust
host    all             gd07           localhost                trust
host    all             gd07            127.0.0.1/32           trust


Command to logon to Postgres:
/usr/pgsql-9.3/bin/psql -d postgres

If I am logged on ‘gd07’  at the server , it lets me log-on to Postgres without prompting for password
If I am logged on as ‘psgdba’, it prompts for password.
As you can see, both have ‘trust’, but ‘gd07’ is the instance owner.

Why does ‘psgdba’ prompts?  What I am missing?
Your help would be much appreciated.

Thanks.
Maria

Not a problem. You're always free to remove or obscure private info when posting to a public list, especially things
likeIP addresses. We just recommend leaving a note of that in case "something else here" is actually important.
 

So you could say:

Here's pg_hba.conf (names have been changed to protect the innocent):

#stuff here for specific other databases I'm not trying to connect to
host  all  all    ip-of-the-server/32  md5
host  all  user1  ip-of-the-server/32  trust
host  all  user1  all                  md5
host  all  user2  ip-of-the-server/32  trust
host  all  user2  all                  md5


Then if we think the problem is in the redacted section we can suggest what to look for in there.



From: Rossi, Maria [mailto:maria.rossi@jackson.com] 
Sent: Monday, September 10, 2018 3:47 PM
To: 'Sameer Kumar'
Cc: pgsql-sql@lists.postgresql.org; pgsql-novice@lists.postgresql.org
Subject: RE: md5 and trust and pg_hba.conf

Hi,

I think, I  got it .   Thanks for pointing me to the right direction.
...
Sorry for hesitating to post the entire pg_hba.conf.   

Thanks again.

Maria

Not a problem. You're always free to remove or obscure private info when posting to a public list, especially things
likeIP addresses. We just recommend leaving a note of that in case "something else here" is actually important.
 

So you could say:

Here's pg_hba.conf (names have been changed to protect the innocent):

#stuff here for specific other databases I'm not trying to connect to
host  all  all    ip-of-the-server/32  md5
host  all  user1  ip-of-the-server/32  trust
host  all  user1  all                  md5
host  all  user2  ip-of-the-server/32  trust
host  all  user2  all                  md5


Then if we think the problem is in the redacted section we can suggest what to look for in there.



From: Rossi, Maria [mailto:maria.rossi@jackson.com] 
Sent: Monday, September 10, 2018 3:47 PM
To: 'Sameer Kumar'
Cc: pgsql-sql@lists.postgresql.org; pgsql-novice@lists.postgresql.org
Subject: RE: md5 and trust and pg_hba.conf

Hi,

I think, I  got it .   Thanks for pointing me to the right direction.
...
Sorry for hesitating to post the entire pg_hba.conf.   

Thanks again.

Maria