Re: Ident authentication fails due to bind error on server (8.4.8) - Mailing list pgsql-bugs

From Marinos Yannikos
Subject Re: Ident authentication fails due to bind error on server (8.4.8)
Date
Msg-id op.vw83rlr0khmbxg@klump-pc.ghoffice
Whole thread Raw
In response to Re: Ident authentication fails due to bind error on server (8.4.8)  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Ident authentication fails due to bind error on server (8.4.8)
List pgsql-bugs
On Fri, 17 Jun 2011 19:51:59 +0200, Tom Lane <tgl@sss.pgh.pa.us> wrote:

> I looked at the glibc source code for getaddrinfo, and it looks like
> they do reliably set sin_port to zero when no service argument is
> provided, despite the above documentation statement.  So that's why it
> works for me.  But still, if you're on a non-Linux platform it seems
> possible that this is the mechanism for what's biting you.

Both client and server are Linux systems here and sin_port is 0 also
according to debug output I added. I cannot reproduce the problem reliably
(the users are much better testers it seems), so I'm a bit stuck with my
best guess being TIME_WAIT issues, perhaps FIN packets getting lost. I've
set

sysctl -w net.ipv4.tcp_tw_reuse=1

now and will post again if there is any change.

> (BTW, is it really sane to be using ident auth over a "high latency
> connection"?  That would certainly suggest to me that you could be
> getting connections from untrustworthy machines ...)

Both endpoints are properly firewalled (the sane sysadmins say so) and for
this particular connection only one client IP address is allowed by
pg_hba.conf, the reason why we also use ident authentication is to allow
only a few select uid's on the client host to connect to certain DSNs.

Thanks for all the helpful info!

Regards,
  Marinos

pgsql-bugs by date:

Previous
From: Merlin Moncure
Date:
Subject: Re: could not read block XXXXX in file "base/YYYYY/ZZZZZZ": read only 160 of 8192 bytes
Next
From: Greg Smith
Date:
Subject: Re: could not read block XXXXX in file "base/YYYYY/ZZZZZZ": read only 160 of 8192 bytes