Re: JDBC connection issue - Mailing list pgsql-jdbc
| From | Blaine Simpson |
|---|---|
| Subject | Re: JDBC connection issue |
| Date | |
| Msg-id | 40FEFF0E.6090807@admc.com Whole thread Raw |
| In response to | JDBC connection issue ("Young Nam" <Ynam@sharedmarketing.com>) |
| Responses |
Re: JDBC connection issue
|
| List | pgsql-jdbc |
Oliver Jowett wrote: > Blaine Simpson wrote: > >> Oliver Jowett wrote: >> >>> Blaine Simpson wrote: >>> >>>> You don't need an ident server if you use "md5", you do need an >>>> ident server if you >>>> use "trust". >>> >>> >>> >>> >>> No. Please read >>> http://www.postgresql.org/docs/7.4/static/auth-methods.html#AUTH-TRUST >> >> >> >> I did. It says nothing about setting up trust for networks sockets, >> implying that it is wide open. > > > Are we reading the same document? The URL I provided explicitly talks > about network sockets & trust auth. I quote: > > trust authentication is only suitable for TCP/IP connections if you > trust every user on every machine that is allowed to connect to the > server by the pg_hba.conf lines that specify trust. It is seldom > reasonable to use trust for any TCP/IP connections other than those > from localhost (127.0.0.1). I have very good reading comprehension. It says when TCP/IP suitable to use, but says nothing about what the requirements are. As I said, that IMPLIES that there are no additional requirements and it is wide open. The reason I question the implication is not that I can't read, but because I have tried to use psql (not JDBC) over tcpip sockets with "ident", and, what do you know, just like Kris said, there were system log messages about ident failures. This is because identd is disabled on our servers and blocked by our firewalls. >> But, as I've found in practice, and as Kris Jurka has pointed out, >> you do have to satisfy ident >> protocol requirements to use trust with network sockets. > > > You are misquoting Kris. He said: > >>> "trust" has nothing to do with "ident" authentication, trust does >>> not do >>> any authentication at all and just lets you in. >> I know he said that, and I disagree with that because immediately after he says that "Using ident authentication can be tricky with JDBC" (you can't do non-network socket ident with JDBC according to everything I've read about using the JDBC Driver) and "On the server side... requiring kernel support for passing user infomation and tcp/ip sockets requiring an ident server.". Yes, PG server-side code requires identd setup to use ident & tcp/ip. > When trust auth is configured (for a particular source address), no > ident query is done at all, so whether that source IP is running an > ident server or not is irrelevant. > > -O -- ICF: 703-934-3692 Cell: 703-944-9317
pgsql-jdbc by date: