Re: confirming security. - Mailing list pgsql-general

From Maz Mohammadi
Subject Re: confirming security.
Date
Msg-id 9F992F0A0D9BA04F914597F75435942D09576C4DF5@MBX36.exg5.exghost.com
In response to Re: confirming security.  (Adrian Klaver <adrian.klaver@gmail.com>)
Responses Re: confirming security.  (John R Pierce <pierce@hogranch.com>)
List pgsql-general
Ahhh yes....it is now...

===========
# TYPE  DATABASE        USER            ADDRESS                 METHOD
# "local" is for Unix domain socket connections only
#local   all             all                                     trust
# IPv4 local connections:
#host    all             all             127.0.0.1/32            trust
# IPv6 local connections:
#host    all             all             ::1/128                 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     postgres-xc                                trust
#host    replication     postgres-xc        127.0.0.1/32            trust
#host    replication     postgres-xc        ::1/128                 trust
hostssl all             all             127.0.0.1/32            cert
===========
And the result...

postgres-xc@adminuser-VirtualBox:~/coord$ psql -h localhost testdb
psql: FATAL:  connection requires a valid client certificate
FATAL:  no pg_hba.conf entry for host "127.0.0.1", user "postgres-xc", database "testdb", SSL off

Thank you so much!

-----Original Message-----
From: Adrian Klaver [mailto:adrian.klaver@gmail.com]
Sent: Friday, February 22, 2013 10:58 AM
To: Maz Mohammadi
Cc: John R Pierce; pgsql-general@postgresql.org
Subject: Re: [GENERAL] confirming security.

On 02/22/2013 07:50 AM, Maz Mohammadi wrote:
> Thx John,
>
> It got me a long way.  I actually have a more complex installation (I
> think) that I originally thought on my test linux box.  Looks like all
> the files that I modify are under /var/lib/post../coord.
>
> I added the line.. to pg_hba.conf
>
> hostssl   all           all           127.0.0.1/32       cert
>
> and after restarting the coordinator node, it errored because I had to
> modify postgresql.conf (ssl=off) .  So I feel that the server is now
> running in SSL mode.
>
> But when I used psql...I'm getting this....
>
> ==============
>
> postgres-xc@adminuser-VirtualBox:~/coord$ psql -h localhost testdb
>
> psql (PGXC 1.0.0, based on PG 9.1.4)
>
> SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
>
> Type "help" for help.
>
> testdb=# select 2+2;
>
> ?column?
>
> ----------
>
>          4
>
> (1 row)
>
> testdb=# \q
>
> ==============
>
> It's telling me it's through an SSL connection, but I didn't specify
> any keystore on my side for psql?  Does it pick it up from somewhere?
>
> Any help is greatly appreciated :)
>
> Postgresql isn't half bad ;)
>

Is the above line from pg_hba.conf the only one in the file?

If not could you post the entire file contents?

Remember in pg_hba.conf first match wins.


--
Adrian Klaver
adrian.klaver@gmail.com
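
The "first match wins" rule discussed in this thread, as an added example that is not part of the original messages: a simplified pg_hba.conf matcher showing why an earlier `host ... trust` line hides a later `hostssl ... cert` line. The function names are hypothetical, `HBA_BEFORE` is constructed on the assumption that the trust lines were active before they were commented out, and only the `all` keyword, literal names and CIDR addresses are handled.

```python
import ipaddress

# Constructed input: the posted pg_hba.conf with the trust lines assumed
# active (uncommented), as they would have been before the change.
HBA_BEFORE = """\
local   all  all                 trust
host    all  all  127.0.0.1/32   trust
host    all  all  ::1/128        trust
hostssl all  all  127.0.0.1/32   cert
"""
# The file as posted in the message: only the hostssl line is active.
HBA_AFTER = """\
#host   all  all  127.0.0.1/32   trust
hostssl all  all  127.0.0.1/32   cert
"""

def parse_hba(text):
    """Return active rules as (type, databases, users, network, method)."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if not fields:
            continue
        if fields[0] == "local":                 # "local" has no ADDRESS column
            ctype, db, user, method = fields[:4]
            net = None
        else:
            ctype, db, user, addr, method = fields[:5]
            net = ipaddress.ip_network(addr)
        rules.append((ctype, db.split(","), user.split(","), net, method))
    return rules

def first_match(rules, db, user, client_ip, ssl):
    """Return the METHOD of the first rule matching a TCP connection, or None."""
    ip = ipaddress.ip_address(client_ip)
    for ctype, dbs, users, net, method in rules:
        if ctype == "local":
            continue          # Unix-socket rules never match TCP connections
        if (ctype == "hostssl" and not ssl) or (ctype == "hostnossl" and ssl):
            continue          # plain "host" matches both SSL and non-SSL
        if "all" not in dbs and db not in dbs:
            continue
        if "all" not in users and user not in users:
            continue
        if ip.version == net.version and ip in net:
            return method     # first match wins; later lines are never read
    return None               # "no pg_hba.conf entry for host ..."
```

With `HBA_AFTER`, an SSL attempt resolves to `cert` and a non-SSL attempt matches nothing, which corresponds to the two FATAL lines in the psql output above.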
