Re: [Ignor Whois] Re: Connect error - Mailing list pgsql-novice

From Bruno Wolff III
Subject Re: [Ignor Whois] Re: Connect error
Msg-id 20040112201254.GA21773@wolff.to
In response to Re: [Ignor Whois] Re: Connect error  (Bill Moseley <moseley@hank.org>)
Responses Re: Connect error
List pgsql-novice
On Mon, Jan 12, 2004 at 10:22:03 -0800,
  Bill Moseley <moseley@hank.org> wrote:
> On Mon, Jan 12, 2004 at 11:57:42AM -0600, Bruno Wolff III wrote:
> >
> > Since sameuser is a special ident map you can't use it as a named map in
> > the pg_ident.conf map.
>
> I thought maybe the pg_ident.conf file was enough to simply say
> "connections from www-data should be considered as coming from user
> moseley" and then sameuser would work (i.e. www-data would be able to
> connect to moseley's databases).

"sameuser" is used in several contexts. One is for the user field and there
it means that if the username matches the database name, then this rule
applies (if the IP address and the connection type also match). The other
usage is for using a default ident map. If you use "sameuser" for the ident
map, then pg_ident.conf doesn't get checked.

> BTW -- when using a map like this that uses the ident service, what dsn
> string is used when connecting?  (I'm using Perl, BTW.)

I am not sure what "dsn" means in this context, so I can't answer this.

>
> > > bumby:/etc/postgresql# fgrep testmap pg_hba.conf pg_ident.conf
> > > pg_hba.conf:host    all         all         127.0.0.1         255.255.255.255   ident testmap
> > > pg_ident.conf:testmap      moseley  www-data
> > >
> > > So I think I'm missing an important concept.
> >
> > I think you are pretty close. In the last case you enabled ident authentication
> > using testmap for internet connections, but unless you did this for local
> > connections (domain sockets) as well, it wouldn't apply since the way you
> > are using psql will use a domain socket to connect (unless you have set
> > the PGHOST environment variable).
>
> You mean adding a "local" entry too?
>
> host    all         all         127.0.0.1         255.255.255.255   ident testmap
> local   all         all                                             ident testmap

Yes.

>
> bumby:/etc/postgresql$ psql newdb
> psql: FATAL:  user "www-data" does not exist

This makes sense since www-data isn't a postgres user.

> bumby:/etc/postgresql$ psql -Umoseley newdb
> psql: FATAL:  IDENT authentication failed for user "moseley"

I think this is caused by having the two names mixed up.

> > > pg_ident.conf:testmap      moseley  www-data

According to the documentation the ident name should be the first name
and the postgres name the second name.

> bumby:/etc/postgresql$ psql -Uwww-data newdb
> psql: FATAL:  user "www-data" does not exist
>
> This is why I ended up creating a new database user with a password and then
> granting access to ALL of my objects to the new database user.  And then
> using that username/password in the connect string in the web
> application.
>
> Can I turn on debugging in Postgresql to see why it's failing?  That
> would likely help resolve the problem.

I don't think that would add any useful information in this case.
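
Added example, not part of the original message and not PostgreSQL's own code: a simplified Python model of the ident-map lookup discussed in this thread, showing why the map line as posted fails and why the reversed order succeeds. The role set, function names and sample configuration strings are constructed for illustration, and address matching is ignored.

```python
# Simplified model of ident authentication as discussed in this thread.
# Constructed sample configuration; not PostgreSQL's actual implementation.

PG_HBA = """\
host    all  all  127.0.0.1  255.255.255.255  ident testmap
local   all  all                              ident testmap
"""

# Map line format: MAPNAME  IDENT-USERNAME  PG-USERNAME
IDENT_AS_POSTED = "testmap  moseley   www-data\n"
IDENT_CORRECTED = "testmap  www-data  moseley\n"

PG_ROLES = {"postgres", "moseley"}  # assumed: www-data is not a database user


def parse_ident(text):
    """Return {(map, ident_user): {pg_user, ...}} from pg_ident.conf text."""
    maps = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 3:
            name, ident_user, pg_user = fields
            maps.setdefault((name, ident_user), set()).add(pg_user)
    return maps


def ident_map_for(hba_text, conn_type):
    """Return the ident map named by the first hba line of this connection type."""
    for line in hba_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == conn_type and "ident" in fields:
            return fields[fields.index("ident") + 1]
    return None


def check(conn_type, os_user, pg_user, ident_text, hba_text=PG_HBA):
    """Decide one connection attempt; returns a short outcome string."""
    if pg_user not in PG_ROLES:
        return f'user "{pg_user}" does not exist'
    map_name = ident_map_for(hba_text, conn_type)
    if map_name is None:
        return "no matching pg_hba.conf entry"
    if map_name == "sameuser":  # special map: pg_ident.conf is not consulted
        ok = os_user == pg_user
    else:
        ok = pg_user in parse_ident(ident_text).get((map_name, os_user), set())
    return "ok" if ok else f'IDENT authentication failed for user "{pg_user}"'
```

Calling `check("local", "www-data", "moseley", IDENT_AS_POSTED)` reproduces the failure quoted above, and the same call with `IDENT_CORRECTED` succeeds.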
