Re: strange behavior of pg_hba.conf file - Mailing list pgsql-general

From Adrian Klaver
Subject Re: strange behavior of pg_hba.conf file
Date
Msg-id 1e3b7fe2-384b-4348-ad0b-24fe39932957@aklaver.com
Whole thread Raw
In response to Re: strange behavior of pg_hba.conf file  (Atul Kumar <akumar14871@gmail.com>)
List pgsql-general


On 11/22/23 10:03 AM, Atul Kumar wrote:
Please can you share any command  for due diligence whether ip is resolved to ipv6 ?.


This:

psql -d postgres -U postgres -p 5432 -h localhost

where pretty sure

/etc/hosts

is resolving localhost --> ::1


On Wed, Nov 22, 2023 at 11:25 PM Andreas Kretschmer <andreas@a-kretschmer.de> wrote:


Am 22.11.23 um 18:44 schrieb Atul Kumar:
> I am giving this command
> psql -d postgres -U postgres -p 5432 -h localhost
> Then only I get that error.

so localhost resolved to an IPv6 - address ...

>
> but when I  pass ip or hostname of the local server then I don't get
> such error message
> 1. psql -d postgres -U postgres -p 5432 -h <ip of local server>
> 2. psql -d postgres -U postgres -p 5432 -h <hostname of local server>

resolves to an IPv4 - address. you can see the difference?

localhost != iv4-address != hostname with ipv4 address

Andreas

>
>
> I don;t get that error while using the above two commands.
>
>
> Regards.
>
>
> On Wed, Nov 22, 2023 at 10:45 PM Adrian Klaver
> <adrian.klaver@aklaver.com> wrote:
>
>     On 11/22/23 09:03, Atul Kumar wrote:
>     > The entries that I changed were to replace the md5 with
>     scram-sha-256
>     > and remove unnecessary remote IPs.
>
>     FYI from:
>
>     https://www.postgresql.org/docs/current/auth-password.html
>
>     md5
>
>          The method md5 uses a custom less secure challenge-response
>     mechanism. It prevents password sniffing and avoids storing
>     passwords on
>     the server in plain text but provides no protection if an attacker
>     manages to steal the password hash from the server. Also, the MD5
>     hash
>     algorithm is nowadays no longer considered secure against determined
>     attacks.
>
>          The md5 method cannot be used with the db_user_namespace feature.
>
>          To ease transition from the md5 method to the newer SCRAM
>     method,
>     if md5 is specified as a method in pg_hba.conf but the user's
>     password
>     on the server is encrypted for SCRAM (see below), then SCRAM-based
>     authentication will automatically be chosen instead.
>
>     >
>     > But it has nothing to do with connecting the server locally with
>     "psql
>     > -d postgres -U postgres -h localhost"
>
>     The error:
>
>     no pg_hba.conf entry for host "::1", user "postgres", database
>     "postgres
>
>
>     says it does and the error is correct as you do not have an IPv6
>     entry
>     for localhost in pg_hba.conf. At least in the snippet you showed us.
>
>
>     >
>     > But when I try to connect it locally I get this error. So it is
>     related
>
>     When you say connect locally do you mean to localhost or to
>     local(socket)?
>
>     > to local connections only and when I pass the hostname or ip of the
>     > server it works fine without any issue.
>     >
>     >
>     > Regards.
>     >
>
>     --
>     Adrian Klaver
>     adrian.klaver@aklaver.com
>

--
Andreas Kretschmer - currently still (garden leave)
Technical Account Manager (TAM)
www.enterprisedb.com



pgsql-general by date:

Previous
From: Atul Kumar
Date:
Subject: Re: strange behavior of pg_hba.conf file
Next
From: Adrian Klaver
Date:
Subject: Re: strange behavior of pg_hba.conf file