Re: pg_hba.conf change in 7.4 - Mailing list pgsql-general

From Bruce Momjian
Subject Re: pg_hba.conf change in 7.4
Date
Msg-id 200312061625.hB6GPCD09684@candle.pha.pa.us
Whole thread Raw
In response to pg_hba.conf change in 7.4  (Seum-Lim Gan <slgan@lucent.com>)
List pgsql-general
[ Original email attached.]

> I wonder if there is any recommendation to this ?
> Is there a way to configure PostgreSQL to not use
> IPv6 ?

I don't know what you want us to do about it?  Your OS is accepting all
connections as IPv6, so you have to control that with IPv6 addresses in
pg_hba.conf.

> We are also wonder if there is a version of Ident server
> that the PostgreSQL community knows that will work
> with IPv6.

That is the big question.  I would think Solaris ships with one, but
maybe not.  Is 7.4/Solaris/ident not a workable combination?  Folks?

---------------------------------------------------------------------------

pgman wrote:
> Seum-Lim Gan wrote:
> > Hi,
> >
> > In 7.4, I noticed there is this ::1 and ffff: (x8 of them)
> > for IPv6.
> >
> > I looked at the documentation and there is nothing that says
> > what the ::1 is for.
>
> The ::1 is a IPv6 shorthand for 127.0.0.1 (localhost).
>
> > Commenting out that line will prevent access to PostgreSQL
> > from psql unless I put trust for that line.
> >
> > This is what I had in 7.3.4:
> > host    all         all         127.0.0.1         255.255.255.255
> > ident pspmap
> > local   all         all                                             password
> > host    all         all         0.0.0.0        0.0.0.0          reject
> >
> > But in 7.4, it does not work anymore. It seems to want ::1 to be somewhere.
> > If I change the line with ::1 from trust to ident pspmap, it complains that
> > the user cannot be found. But it is in the pspmap. Message fromm psql:
>
> Seems you have an OS that makes all connections IPv6, even IPv4 ones.
> That is why we had to have that line in there.  Seems ::1 controls your
> local connections on that platform.  Some platforms have distinct IPv4
> and IPv6 connections, so we have to include both lines in the file.
>
> > Right now, I have it set to trust to work around.
> > Any idea what to do about this ?
> >
> > host    all         all         127.0.0.1         255.255.255.255
> > ident pspmap
> > local   all         all                                             password
> > host    all         all         0.0.0.0        0.0.0.0          reject
> > # IPv4-style local connections:
> > #host    all         all         127.0.0.1         255.255.255.255   trust
> > # IPv6-style local connections:
> > host    all         all         ::1
> > ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff        trust
>
> Yea, that's about it.  My guess is that nothing is coming in via IPv4 on
> your machine so 127.0.0.1 does nothing.  Perhaps netstat will show the
> IP address family used.
>
> --
>   Bruce Momjian                        |  http://candle.pha.pa.us
>   pgman@candle.pha.pa.us               |  (610) 359-1001
>   +  If your life is a hard drive,     |  13 Roberts Road
>   +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

pgsql-general by date:

Previous
From: Cott Lang
Date:
Subject: Re: What is WAL used for?
Next
From: Bruce Momjian
Date:
Subject: Re: pg_hba.conf change in 7.4