Re: pg_hba.conf change in 7.4 - Mailing list pgsql-general
| From | Bruce Momjian |
|---|---|
| Subject | Re: pg_hba.conf change in 7.4 |
| Date | |
| Msg-id | 200311201729.hAKHTnk06159@candle.pha.pa.us Whole thread Raw |
| In response to | Re: pg_hba.conf change in 7.4 (Seum-Lim Gan <slgan@lucent.com>) |
| Responses |
Re: pg_hba.conf change in 7.4
(Seum-Lim Gan <slgan@lucent.com>)
|
| List | pgsql-general |
I think what happens is that when we listen on IPv4 and IPv6, that all connections get IPv6. What OS are you using? --------------------------------------------------------------------------- Seum-Lim Gan wrote: > Hi Bruce, > > Thanks for the info. > I captured the netstat output below. > > Looks like there is a bunch of IPv4 being used. > > Any idea how this can be resolved ? > > Thanks. > > Gan > > UDP: IPv6 > Local Address Remote Address > State If > --------------------------------- --------------------------------- > ---------- ----- > localhost.35847 localhost.35847 Connected > > TCP: IPv4 > Local Address Remote Address Swind Send-Q Rwind Recv-Q State > -------------------- -------------------- ----- ------ ----- ------ ------- > localhost.32906 localhost.14500 49152 0 49152 0 ESTABLISHED > localhost.14500 localhost.32906 49152 0 49152 0 ESTABLISHED > localhost.32908 localhost.14500 49152 0 49152 0 ESTABLISHED > localhost.14500 localhost.32908 49152 0 49152 0 ESTABLISHED > localhost.32910 localhost.14500 49152 0 49152 0 ESTABLISHED > localhost.14500 localhost.32910 49152 0 49152 0 ESTABLISHED > localhost.32911 localhost.14500 49152 0 49152 0 ESTABLISHED > localhost.14500 localhost.32911 49152 0 49152 0 ESTABLISHED > localhost.32913 localhost.14500 49152 0 49152 0 ESTABLISHED > localhost.14500 localhost.32913 49152 0 49152 0 ESTABLISHED > localhost.32915 localhost.14500 49152 0 49152 0 ESTABLISHED > localhost.14500 localhost.32915 49152 0 49152 0 ESTABLISHED > localhost.32917 localhost.14500 49152 0 49152 0 ESTABLISHED > localhost.14500 localhost.32917 49152 0 49152 0 ESTABLISHED > localhost.32919 localhost.14500 49152 0 49152 0 ESTABLISHED > localhost.14500 localhost.32919 49152 0 49152 0 ESTABLISHED > localhost.32920 localhost.14500 49152 0 49152 0 ESTABLISHED > localhost.14500 localhost.32920 49152 0 49152 0 ESTABLISHED > localhost.32922 localhost.14500 49152 0 49152 0 ESTABLISHED > localhost.14500 localhost.32922 49152 0 49152 0 ESTABLISHED > localhost.32923 localhost.14500 49152 0 49152 0 ESTABLISHED > localhost.14500 localhost.32923 49152 0 49152 0 ESTABLISHED > localhost.32924 localhost.14500 49152 0 49152 0 ESTABLISHED > localhost.14500 localhost.32924 49152 0 49152 0 ESTABLISHED > localhost.32926 localhost.14500 49152 0 49152 0 ESTABLISHED > localhost.14500 localhost.32926 49152 0 49152 0 ESTABLISHED > localhost.32927 localhost.14500 49152 0 49152 0 ESTABLISHED > localhost.14500 localhost.32927 49152 0 49152 0 ESTABLISHED > localhost.33086 localhost.14500 49152 0 49152 0 ESTABLISHED > localhost.14500 localhost.33086 49152 0 49152 0 ESTABLISHED > localhost.33087 localhost.14500 49152 0 49152 0 ESTABLISHED > localhost.14500 localhost.33087 49152 0 49152 0 ESTABLISHED > localhost.50882 localhost.14502 49152 0 49152 0 ESTABLISHED > localhost.14502 localhost.50882 49152 0 49152 0 ESTABLISHED > localhost.50883 localhost.14500 49152 0 49152 0 ESTABLISHED > localhost.14500 localhost.50883 49152 0 49152 0 ESTABLISHED > > At 12:11 pm -0500 2003/11/20, Bruce Momjian wrote: > >Seum-Lim Gan wrote: > >> Hi, > >> > >> In 7.4, I noticed there is this ::1 and ffff: (x8 of them) > >> for IPv6. > >> > >> I looked at the documentation and there is nothing that says > >> what the ::1 is for. > > > >The ::1 is a IPv6 shorthand for 127.0.0.1 (localhost). > > > >> Commenting out that line will prevent access to PostgreSQL > >> from psql unless I put trust for that line. > >> > >> This is what I had in 7.3.4: > >> host all all 127.0.0.1 255.255.255.255 > > > ident pspmap > >> local all all password > >> host all all 0.0.0.0 0.0.0.0 reject > >> > >> But in 7.4, it does not work anymore. It seems to want ::1 to be somewhere. > >> If I change the line with ::1 from trust to ident pspmap, it complains that > >> the user cannot be found. But it is in the pspmap. Message fromm psql: > > > >Seems you have an OS that makes all connections IPv6, even IPv4 ones. > >That is why we had to have that line in there. Seems ::1 controls your > >local connections on that platform. Some platforms have distinct IPv4 > >and IPv6 connections, so we have to include both lines in the file. > > > >> Right now, I have it set to trust to work around. > >> Any idea what to do about this ? > >> > >> host all all 127.0.0.1 255.255.255.255 > >> ident pspmap > >> local all all password > >> host all all 0.0.0.0 0.0.0.0 reject > >> # IPv4-style local connections: > >> #host all all 127.0.0.1 255.255.255.255 trust > >> # IPv6-style local connections: > >> host all all ::1 > >> ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff trust > > > >Yea, that's about it. My guess is that nothing is coming in via IPv4 on > >your machine so 127.0.0.1 does nothing. Perhaps netstat will show the > >IP address family used. > > > >-- > > Bruce Momjian | http://candle.pha.pa.us > > pgman@candle.pha.pa.us | (610) 359-1001 > > + If your life is a hard drive, | 13 Roberts Road > > + Christ can be your backup. | Newtown Square, Pennsylvania 19073 > > > -- > +--------------------------------------------------------+ > | Seum-Lim GAN email : slgan@lucent.com | > | Lucent Technologies | > | 2000 N. Naperville Road, 6B-403F tel : (630)-713-6665 | > | Naperville, IL 60566, USA. fax : (630)-713-7272 | > | web : http://inuweb.ih.lucent.com/~slgan | > +--------------------------------------------------------+ > -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073
pgsql-general by date: