Question on ident authorization - Mailing list pgsql-hackers

From Kenny H Klatt
Subject Question on ident authorization
Date
Msg-id 20020407235246.GA23217@alpha3.csd.uwm.edu
Whole thread Raw
Responses Re: Question on ident authorization
List pgsql-hackers
Hello:Not sure of where to post this, it's not a bug, more of an 
application note..  Using linux and iptables as a firewall, requests for 
services are redirected to the machines providing those services, including
postgress.  This approach has been in place for over a year, and includes
oracle, postgress, and apache web services.  It is not without its issues,
and security is greatly enhanced.  On a seperate machine behind the 
firewall, the postgress 7.2.1 release was installed for testing and migration.
       Inital testing worked well.  When it was decided to have applications 
normally directed at production try the development instance, ident 
authenication failed.   All other tests passed, including hostssl 
connections.  When the firewall redirects traffic to its intended service
provider using the same port postgress is using ident works.  When the 
ports are not the same, ident authenication fails.  User/password and hostssl 
connections continue to work though.
I do not know the interchange of communication traffic when
ident authenication is used, and postgress is the only service currently 
in use that provides ident authenication.  Would anyone know if the ports
need to be identical for ident to function, or is it a definition of how
ident works for postgress?

Ken Klatt


pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: Debugging symbols by default
Next
From: Hiroshi Inoue
Date:
Subject: Re: timeout implementation issues