Re: pg_hda.conf - Mailing list pgsql-novice

From Oliver Elphick
Subject Re: pg_hda.conf
Date
Msg-id 1069508475.5767.313.camel@linda.lfix.co.uk
In response to Re: pg_hda.conf  (Bo Lorentsen <bl@netgroup.dk>)
Responses Re: pg_hda.conf
List pgsql-novice
On Fri, 2003-11-21 at 23:47, Bo Lorentsen wrote:
> On Fri, 2003-11-21 at 23:18, Oliver Elphick wrote:
>
> > Automatic update is now controlled by a debconf question; the default
> > answer is no.
> Ahh, then I just need to know how to turn this on, as I never have
> altered the debconf data manually.

As root:
   dpkg-reconfigure postgresql

> Btw. I also did get some debconf warnings, but I did not store them
> anywhere (as far as I know). Does it matter that I use your woody
> packages on sarge (regarding debconf) ?

I don't think so.

> > Please show all the uncommented lines.  Remember that the *first* match
> > is what governs.  If an  earlier "ident sameuser" line has matched, your
> > later additions will have no effect.
> Thanks, but I tried to take this into account, but here goes :
>
> # DO NOT DISABLE!
> # If you change this next entry you will need to make sure the postgres user
> # can access the database using some other method.  The postgres user needs
> # non-interactive access to all databases during automatic maintenance
> # (see the vacuum command and the /usr/lib/postgresql/bin/do.maintenance
> # script).
> local   all         postgres                                      trust
> local   all         all                                           trust
> host    all         all       127.0.0.1         255.255.255.255   trust
> host    all         all       0.0.0.0           0.0.0.0           reject

This certainly isn't the distributed file.  What you have there should
allow any user to connect on the local machine and change his identity
at will.  Is it this file that is giving you trouble?  If this file is
giving you ident errors, it cannot be the file the postmaster is using.

The actual file read by the postmaster is in $PGDATA/pg_hba.conf.  On
Debian, that should be a symbolic link to /etc/postgresql/pg_hba.conf.
If the link has been broken, no amount of editing the wrong file will
fix things!

> > If the old pg_hba.conf was different, the resulting behaviour would
> > probably be different.  What changes were there between the old and the
> > new?  (If you had "ident sameuser" in 7.3 (or earlier) you would never
> > have been able to switch identities -- this has not changed between
> > versions.)
> Hmm, no changes were really made, but the old file was overwritten, so I
> made a new one that contained what was needed (or at least what was what
> I hoped for), and it looks like the old one :-)

This is the distributed file:

# DO NOT DISABLE!
# If you change this first entry you will need to make sure the postgres user
# can access the database using some other method.  The postgres user needs
# non-interactive access to all databases during automatic maintenance
# (see the vacuum command and the /usr/lib/postgresql/bin/do.maintenance
# script).
#
# TYPE  DATABASE    USER        IP-ADDRESS        IP-MASK           METHOD
# Database administrative login by UNIX sockets
local   all         postgres                                        ident sameuser
#
# All other connections by UNIX sockets
local   all         all                                             ident sameuser
#
# All IPv4 connections from localhost
host    all         all         127.0.0.1         255.255.255.255   ident sameuser
#
# All IPv6 localhost connections
host    all         all         ::1               ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff        ident sameuser
host    all         all         ::ffff:127.0.0.1/128                ident sameuser
#
# reject all other connection attempts
host    all         all         0.0.0.0           0.0.0.0           reject

To allow "www-data" to connect and change identity to "wiki" you would
need to change "sameuser" to a map name and put an associated entry in
pg_ident.conf.  See the manual for details.

--
Oliver Elphick                                Oliver.Elphick@lfix.co.uk
Isle of Wight, UK                             http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839  932A 614D 4C34 3E1D 0C1C
                 ========================================
     "Can two walk together, except they be agreed?"
                                     Amos 3:3
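
The following is an added example, not part of the original message or of the Debian packaging: a small Python sketch of the two checks discussed in this thread, namely which file $PGDATA/pg_hba.conf really resolves to, and which line is the first match for a given connection. The function names are hypothetical, the sample lines are constructed from the two files quoted above (IPv6 lines omitted), and only the "all" keyword and literal database/user names are handled.

```python
import ipaddress
import os

# Constructed samples: the active lines from the two files quoted in this thread
# (IPv6 lines left out; this sketch only handles the IPv4 address + mask form).
POSTED = """\
local   all   postgres                                trust
local   all   all                                     trust
host    all   all   127.0.0.1   255.255.255.255       trust
host    all   all   0.0.0.0     0.0.0.0               reject
"""
DISTRIBUTED = """\
local   all   postgres                                ident sameuser
local   all   all                                     ident sameuser
host    all   all   127.0.0.1   255.255.255.255       ident sameuser
host    all   all   0.0.0.0     0.0.0.0               reject
"""

def active_hba_path(pgdata):
    """Resolve symlinks to the file the postmaster would really open."""
    return os.path.realpath(os.path.join(pgdata, "pg_hba.conf"))

def parse(text):
    """Return [(lineno, type, db, user, network-or-None, method)] for active lines."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "local":
            net, rest = None, f[3:]
        elif "/" in f[3]:
            net, rest = ipaddress.ip_network(f[3], strict=False), f[4:]
        else:
            net, rest = ipaddress.ip_network(f"{f[3]}/{f[4]}", strict=False), f[5:]
        rules.append((n, f[0], f[1], f[2], net, " ".join(rest)))
    return rules

def first_match(rules, ctype, db, user, ip=None):
    """Return (lineno, method) of the first rule that matches, else None."""
    for n, rtype, rdb, ruser, net, method in rules:
        if rtype != ctype or rdb not in ("all", db) or ruser not in ("all", user):
            continue
        if net is not None and ipaddress.ip_address(ip) not in net:
            continue
        return n, method
    return None

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("distributed", DISTRIBUTED)):
        print(name, first_match(parse(text), "local", "wiki", "wiki"))
```

A result of "trust" for the posted file alongside ident errors from the server means the running postmaster is reading a different file, which is what active_hba_path() is there to confirm.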

