Re: strange behavior of pg_hba.conf file - Mailing list pgsql-general
| From | Andreas Kretschmer |
|---|---|
| Subject | Re: strange behavior of pg_hba.conf file |
| Date | |
| Msg-id | 8758be84-0309-6ead-4d66-4d86a719f333@a-kretschmer.de Whole thread Raw |
| In response to | Re: strange behavior of pg_hba.conf file (Atul Kumar <akumar14871@gmail.com>) |
| Responses |
Re: strange behavior of pg_hba.conf file
Re: strange behavior of pg_hba.conf file |
| List | pgsql-general |
Am 22.11.23 um 18:44 schrieb Atul Kumar: > I am giving this command > psql -d postgres -U postgres -p 5432 -h localhost > Then only I get that error. so localhost resolved to an IPv6 - address ... > > but when I pass ip or hostname of the local server then I don't get > such error message > 1. psql -d postgres -U postgres -p 5432 -h <ip of local server> > 2. psql -d postgres -U postgres -p 5432 -h <hostname of local server> resolves to an IPv4 - address. you can see the difference? localhost != iv4-address != hostname with ipv4 address Andreas > > > I don;t get that error while using the above two commands. > > > Regards. > > > On Wed, Nov 22, 2023 at 10:45 PM Adrian Klaver > <adrian.klaver@aklaver.com> wrote: > > On 11/22/23 09:03, Atul Kumar wrote: > > The entries that I changed were to replace the md5 with > scram-sha-256 > > and remove unnecessary remote IPs. > > FYI from: > > https://www.postgresql.org/docs/current/auth-password.html > > md5 > > The method md5 uses a custom less secure challenge-response > mechanism. It prevents password sniffing and avoids storing > passwords on > the server in plain text but provides no protection if an attacker > manages to steal the password hash from the server. Also, the MD5 > hash > algorithm is nowadays no longer considered secure against determined > attacks. > > The md5 method cannot be used with the db_user_namespace feature. > > To ease transition from the md5 method to the newer SCRAM > method, > if md5 is specified as a method in pg_hba.conf but the user's > password > on the server is encrypted for SCRAM (see below), then SCRAM-based > authentication will automatically be chosen instead. > > > > > But it has nothing to do with connecting the server locally with > "psql > > -d postgres -U postgres -h localhost" > > The error: > > no pg_hba.conf entry for host "::1", user "postgres", database > "postgres > > > says it does and the error is correct as you do not have an IPv6 > entry > for localhost in pg_hba.conf. At least in the snippet you showed us. > > > > > > But when I try to connect it locally I get this error. So it is > related > > When you say connect locally do you mean to localhost or to > local(socket)? > > > to local connections only and when I pass the hostname or ip of the > > server it works fine without any issue. > > > > > > Regards. > > > > -- > Adrian Klaver > adrian.klaver@aklaver.com > -- Andreas Kretschmer - currently still (garden leave) Technical Account Manager (TAM) www.enterprisedb.com
pgsql-general by date: