I've been running the web app on port 8080 all this time. Only now the
conf files were updated as follows:
host all xxx.yy.zzz.vv 255.255.255.255 ident newmode
newmode root username
where xxx.yy.zzz.vv is external IP of localhost.
I'm still getting an exception when connecting from the web ap on port
80, however:
2003-01-25 14:49:44 A connection error has occurred: FATAL 1: IDENT
authentication failed for user "username"
at
org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(AbstractJdbc
1Connection.java:202)
at org.postgresql.Driver.connect(Driver.java:122)
What happens apparently is that the server runs as root, so my web app
on port 80 also runs as root, and it tries to connect as root.
These additions are now pending authorization:
local all ident
newmode
host all 127.0.0.1 255.0.0.0 ident
newmode
I'd appreciate any further suggestions. The web app runs just fine on
port 8080, when server runs as "username".
P.S. The server runs as root, and that is not likely to change. It
appears that IDENT is functioning, but how could that be checked other
than the message above?
Sincerely,
r.
-----Original Message-----
From: Tom Lane [mailto:tgl@sss.pgh.pa.us]
Sent: Wednesday, January 01, 2003 2:31 PM
To: Reshat Sabiq
Cc: pgsql-novice@postgresql.org
Subject: Re: [NOVICE] localhost connects, same code on other host fails
"Reshat Sabiq" <sabiq@purdue.edu> writes:
> P.P.P.S. The localhost-based app is running as myself on port 8080,
> whereas the non-localhost-based app is running as root on port 80.
Well, then IDENT is going to reject the connection, because the actual
Unix login name on the client side doesn't match the postgres username
you're trying to use. (There's also theory B: you don't have a working
IDENT service on the client machine at all.)
Since I cannot imagine any good reason for running a client as root when
it doesn't absolutely have to be root, my advice is to use a saner login
setup on the client: viz, run the app as postgres, or whatever userid
you want it to be for postgres purposes. Otherwise, use some different
authentication setup than "ident sameuser".
regards, tom lane