I am trying to secure my database server. Currently I am not running ssl bu am
using md5 passwords.
I have 3 database users "bls-db", "bls-dbusr", and "bls-dbdev". These to not
map directly to the unix usernames at all.
I would like to have bls-db be able to connect to all the databases and the
other two to only connect to 1 database in the cluster.
I was trying to use the file argument to md5 but it does not seem to work.
Here is a sample of my pg_hba.conf file
# TYPE DATABASE IP_ADDRESS MASK AUTH_TYPE AUTH_ARGUMENT
host bls-tim 157.184.40.0 255.255.255.0 md5 blsusers
host bls-tim 157.184.42.0 255.255.255.0 md5 blsusers
host bls-tim 157.184.44.0 255.255.255.0 md5 blsusers
host all 157.184.40.0 255.255.255.0 md5 admins
host all 157.184.42.0 255.255.255.0 md5 admins
host all 157.184.44.0 255.255.255.0 md5 admins
The admins file contains one line that reads:
bls-db
The blsusers file contains 2 lines that reads:
bls-dbusr
bls-dbdev
When I connect as bls-dbusr to template1 I get the following error.
[gibson@cih]<>/i/bls/tools/sparc-SunOS-5.8/bin/:./psql -U bls-dbusr -h pgsql-db template1
Password:
psql: FATAL 1: Password authentication failed for user "bls-dbusr"
When I connect as bls-dbusr to bls-tim I get the following error.
[gibson@cih]<>/i/bls/tools/sparc-SunOS-5.8/bin/:./psql -U bls-dbusr -h pgsql-db bls-tim
Password:
psql: FATAL 1: Password authentication failed for user "bls-dbusr"
Am I doing something wrong? How can I fix this?
Thanks in advance.
--
John Gibson jgibson@lexmark.com
When I become an Evil Overlord:
My troops will receive special training so that they may shoot the tires of a
moving vehicle.
