Re: pg_hba.conf change in 7.4 - Mailing list pgsql-general

From Seum-Lim Gan
Subject Re: pg_hba.conf change in 7.4
Date
Msg-id p0510032abbf533cb7e3b@[192.168.10.94]
Whole thread Raw
In response to Re: pg_hba.conf change in 7.4  (Seum-Lim Gan <slgan@lucent.com>)
Responses Re: pg_hba.conf change in 7.4
List pgsql-general
Hi Bruce,

I wonder if there is any recommendation to this ?
Is there a way to configure PostgreSQL to not use
IPv6 ?

We are also wonder if there is a version of Ident server
that the PostgreSQL community knows that will work
with IPv6.

Thanks.

Gan

At 11:37 am -0600 2003/11/20, Seum-Lim Gan wrote:
Hi Bruce,

We are using Sun Solaris 9 on Sparc. uname -a :

SunOS test01 5.9 Generic_112233-04 sun4u sparc SUNW,Ultra-80

Gan

At 12:29 pm -0500 2003/11/20, Bruce Momjian wrote:
I think what happens is that when we listen on IPv4 and IPv6, that all
connections get IPv6.  What OS are you using?

---------------------------------------------------------------------------

Seum-Lim Gan wrote:
> Hi Bruce,
>
> Thanks for the info.
> I captured the netstat output below.
>
> Looks like there is a bunch of IPv4 being used.
>
> Any idea how this can be resolved ?
>
> Thanks.
>
> Gan
>
> UDP: IPv6
>     Local Address                     Remote Address
> State      If
> --------------------------------- ---------------------------------
> ---------- -----
> localhost.35847                   localhost.35847                   Connected
>
> TCP: IPv4
>     Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
> -------------------- -------------------- ----- ------ ----- ------ -------
> localhost.32906      localhost.14500      49152      0 49152      0 ESTABLISHED
> localhost.14500      localhost.32906      49152      0 49152      0 ESTABLISHED
> localhost.32908      localhost.14500      49152      0 49152      0 ESTABLISHED
> localhost.14500      localhost.32908      49152      0 49152      0 ESTABLISHED
> localhost.32910      localhost.14500      49152      0 49152      0 ESTABLISHED
> localhost.14500      localhost.32910      49152      0 49152      0 ESTABLISHED
> localhost.32911      localhost.14500      49152      0 49152      0 ESTABLISHED
> localhost.14500      localhost.32911      49152      0 49152      0 ESTABLISHED
> localhost.32913      localhost.14500      49152      0 49152      0 ESTABLISHED
> localhost.14500      localhost.32913      49152      0 49152      0 ESTABLISHED
> localhost.32915      localhost.14500      49152      0 49152      0 ESTABLISHED
> localhost.14500      localhost.32915      49152      0 49152      0 ESTABLISHED
> localhost.32917      localhost.14500      49152      0 49152      0 ESTABLISHED
> localhost.14500      localhost.32917      49152      0 49152      0 ESTABLISHED
> localhost.32919      localhost.14500      49152      0 49152      0 ESTABLISHED
> localhost.14500      localhost.32919      49152      0 49152      0 ESTABLISHED
> localhost.32920      localhost.14500      49152      0 49152      0 ESTABLISHED
> localhost.14500      localhost.32920      49152      0 49152      0 ESTABLISHED
> localhost.32922      localhost.14500      49152      0 49152      0 ESTABLISHED
> localhost.14500      localhost.32922      49152      0 49152      0 ESTABLISHED
> localhost.32923      localhost.14500      49152      0 49152      0 ESTABLISHED
> localhost.14500      localhost.32923      49152      0 49152      0 ESTABLISHED
> localhost.32924      localhost.14500      49152      0 49152      0 ESTABLISHED
> localhost.14500      localhost.32924      49152      0 49152      0 ESTABLISHED
> localhost.32926      localhost.14500      49152      0 49152      0 ESTABLISHED
> localhost.14500      localhost.32926      49152      0 49152      0 ESTABLISHED
> localhost.32927      localhost.14500      49152      0 49152      0 ESTABLISHED
> localhost.14500      localhost.32927      49152      0 49152      0 ESTABLISHED
> localhost.33086      localhost.14500      49152      0 49152      0 ESTABLISHED
> localhost.14500      localhost.33086      49152      0 49152      0 ESTABLISHED
> localhost.33087      localhost.14500      49152      0 49152      0 ESTABLISHED
> localhost.14500      localhost.33087      49152      0 49152      0 ESTABLISHED
> localhost.50882      localhost.14502      49152      0 49152      0 ESTABLISHED
> localhost.14502      localhost.50882      49152      0 49152      0 ESTABLISHED
> localhost.50883      localhost.14500      49152      0 49152      0 ESTABLISHED
> localhost.14500      localhost.50883      49152      0 49152      0 ESTABLISHED
>
> At 12:11 pm -0500 2003/11/20, Bruce Momjian wrote:
> >Seum-Lim Gan wrote:
> >>  Hi,
> >>
> >>  In 7.4, I noticed there is this ::1 and ffff: (x8 of them)
> >>  for IPv6.
> >>
> >>  I looked at the documentation and there is nothing that says
> >>  what the ::1 is for.
> >
> >The ::1 is a IPv6 shorthand for 127.0.0.1 (localhost).
> >
> >>  Commenting out that line will prevent access to PostgreSQL
> >>  from psql unless I put trust for that line.
> >>
> >>  This is what I had in 7.3.4:
> >>  host    all         all         127.0.0.1         255.255.255.255
> >  > ident pspmap
> >>  local   all         all                                             password
> >>  host    all         all         0.0.0.0        0.0.0.0          reject
> >>
> >>  But in 7.4, it does not work anymore. It seems to want ::1 to be somewhere.
> >>  If I change the line with ::1 from trust to ident pspmap, it complains that
> >>  the user cannot be found. But it is in the pspmap. Message fromm psql:
> >
> >Seems you have an OS that makes all connections IPv6, even IPv4 ones.
> >That is why we had to have that line in there.  Seems ::1 controls your
> >local connections on that platform.  Some platforms have distinct IPv4
> >and IPv6 connections, so we have to include both lines in the file.
> >
> >>  Right now, I have it set to trust to work around.
> >>  Any idea what to do about this ?
> >>
> >>  host    all         all         127.0.0.1         255.255.255.255
> >>  ident pspmap
> >>  local   all         all                                             password
> >>  host    all         all         0.0.0.0        0.0.0.0          reject
> >>  # IPv4-style local connections:
> >>  #host    all         all         127.0.0.1         255.255.255.255   trust
> >>  # IPv6-style local connections:
> >>  host    all         all         ::1
> >>  ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff        trust
> >
> >Yea, that's about it.  My guess is that nothing is coming in via IPv4 on
> >your machine so 127.0.0.1 does nothing.  Perhaps netstat will show the
> >IP address family used.

--
+--------------------------------------------------------+
| Seum-Lim GAN                 email : slgan@lucent.com  |
| Lucent Technologies                                    |
| 2000 N. Naperville Road, 6B-403F  tel : (630)-713-6665 |
| Naperville, IL 60566, USA.        fax : (630)-713-7272 |
|       web : http://inuweb.ih.lucent.com/~slgan         |
+--------------------------------------------------------+


-- 
+--------------------------------------------------------+
| Seum-Lim GAN                 email : slgan@lucent.com  |
| Lucent Technologies                                    |
| 2000 N. Naperville Road, 6B-403F  tel : (630)-713-6665 |
| Naperville, IL 60566, USA.        fax : (630)-713-7272 |
|       web : http://inuweb.ih.lucent.com/~slgan         |
+--------------------------------------------------------+

pgsql-general by date:

Previous
From: Jan Wieck
Date:
Subject: Re: query and pg_dump problem on my postgresql 6.5.3/Redhat
Next
From: Manfred Koizar
Date:
Subject: Re: Transaction Question