Tom Lane wrote:
> Tom Allison <tom@tacocat.net> writes:
>> host all all 127.0.0.1/32 md5
>> hostssl all all 192.168.0.1/24 md5
> ^^^^^^^^^^^^^^
>
> That needs to be 192.168.0.0/24 ... as is, it won't match anything.
>
>> But I have a localhost client that can't log in because it keeps trying to
>> authenticate via SSL.
>
Sorry, I mixed it up.
Copying from the pg_hba.conf:
# Database administrative login by UNIX sockets
local all postgres ident sameuser
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host dbmail all 127.0.0.1/32 md5
host all all 192.168.1.0/24 md5
host all all 192.168.0.0/24 md5
# IPv6 local connections:
host all all ::1/128 md5
I would like to be able to set change the lines maching 192.168...
to
hostssl all all 192.168....
and set ssl=true in postgres.conf
But when I do, the localhost connections try to do ssl first and then fail.
Setting
hostnossl dbmail all 127.0.0.1/32 md5
didn't seem to help but I might have missed something at the time.