Re: Connection fails on one system in a address range allowed to connect - Mailing list pgsql-general

From Tom Lane
Subject Re: Connection fails on one system in a address range allowed to connect
Date
Msg-id 1671956.1700664040@sss.pgh.pa.us
Whole thread Raw
In response to Re: Connection fails on one system in a address range allowed to connect  (Laurenz Albe <laurenz.albe@cybertec.at>)
List pgsql-general
Laurenz Albe <laurenz.albe@cybertec.at> writes:
> On Tue, 2023-11-21 at 23:27 +0000, Johnson, Bruce E - (bjohnson) wrote:
>> DBI connect('dbname=webdata;host=dhbpostgres.pharmacy.arizona.edu;port=5432','trav',...) failed: FATAL:  password
authenticationfailed for user "trav" 
>> FATAL:  no pg_hba.conf entry for host "150.135.124.50", user "trav", database "webdata", no encryption at
./pg_test.plline 8. 
>>
>> The pg_hba.conf on the server includes this which should encompass all systems in this VLAN
>> # external 'OldMTM' site range
>> hostssl all all 150.135.124.0/25 password

> "no encryption" does not match a "hostssl" entry.

Yeah.  What is probably happening here is that (with the default sslmode)
libpq is trying an SSL connection, that's failing for some reason, and
then it tries a non-SSL connection which definitely fails for lack of
a matching pg_hba.conf entry; and then for some other reason you are
only shown the message concerning the last attempt.

Theory B is that your libpq wasn't compiled with SSL support so it
skips right to the non-SSL attempt.

Laurenz's suggestion of adding sslmode=require is a good debugging
step either way, since it will either tell you for sure that you
are missing SSL support or show you the failure from the single
SSL-enabled attempt.  Alternatively, turn on log_connections and
see what the server log captures.  (You might need to do that
anyway if the client-side message isn't sufficiently informative.)

            regards, tom lane



pgsql-general by date:

Previous
From: "Efrain J. Berdecia"
Date:
Subject: Re: pg_restore enhancements
Next
From: Ron Johnson
Date:
Subject: Re: Removing oids with pg_repack