Ident authentication fails due to bind error on server (8.4.8) - Mailing list pgsql-bugs

From Marinos Yannikos
Subject Ident authentication fails due to bind error on server (8.4.8)
Date
Msg-id op.vw7q9avrkhmbxg@klump-pc
Whole thread Raw
Responses Re: Ident authentication fails due to bind error on server (8.4.8)
List pgsql-bugs
Hi,

I'm not sure that this is not a configuration or networking issue (so
apologies if it is), but we seem to be getting rare (a few times/day)
failures with ident authentication because several clients attempt to do
it simultaneously over a high-latency connection (capitalized = edited
IPs/username etc.):

[DB CLIENTADDR(51985) 3173 2011-06-17 10:49:56 CEST] LOG:  could not bind
to local address "SERVERADDR": Address already in use
[DB CLIENTADDR(51985) 3173 2011-06-17 10:49:56 CEST] FATAL:  Ident
authentication failed for user "USER"
[DB CLIENTADDR(51986) 3183 2011-06-17 10:49:56 CEST] FATAL:  no
pg_hba.conf entry for host "CLIENTADDR", user "USER", database "DB", SSL
off

on the client side, we had 2 connection attempts, of which 1 failed
(apparently):

Jun 17 10:49:53 xxx oidentd[12377]: Connection from SERVER (SERVERADDR):0
Jun 17 10:49:53 xxx oidentd[12377]: [SERVER] Successful lookup: 51980 ,
5432 : crm (crm)

[Fri Jun 17 10:49:53 2011] [error] [client 127.0.0.1] [Fri Jun 17 10:49:53
2011] kv_tpl.pl: DBI connect('dbname=DB;host=SERVER','USER',...) failed:
FATAL:  Ident authentication failed for user "USER", referer: URL
[Fri Jun 17 10:49:53 2011] [error] [client 127.0.0.1] [Fri Jun 17 10:49:53
2011] kv_tpl.pl: FATAL:  no pg_hba.conf entry for host "CLIENTADDR", user
"USER", database "DB", SSL off at /var/www/crm/kv_tpl.pl line 100,
referer: URL

Is this a possible race condition in src/backend/libpq/auth.c ?

[note: the client/server clocks are 3 seconds apart at this point, I
haven't investigated whether that causes issues here]

---
     /*
      * Bind to the address which the client originally contacted, otherwise
      * the ident server won't be able to match up the right connection.
This
      * is necessary if the PostgreSQL server is running on an IP alias.
      */
     rc = bind(sock_fd, la->ai_addr, la->ai_addrlen);
     if (rc != 0)
     {
         ereport(LOG,
                 (errcode_for_socket_access(),
                  errmsg("could not bind to local address \"%s\": %m",
                         local_addr_s)));
         ident_return = false;
         goto ident_inet_done;
     }
---

Regards,
  Marinos

pgsql-bugs by date:

Previous
From: Christoph Berg
Date:
Subject: Re: BUG #6066: Bad string in German translation causes segfault (user-triggerable)
Next
From: Christoph Berg
Date:
Subject: Re: BUG #6066: [PATCH] Mark more strings as c-format