Thread: Authentication Problems

Authentication Problems

From
"Graham Vickrage"
Date:
Hi all,

I have a problem that may not be directly to do with postgres but I can't
seem to figure it out. I have a linux redhat server with apache and postgres
7.0 runing on the same machine.

I am trying to sort out authentication so that local clients can connect to
the databases using 'ident sameuser' and internet users connect using
'password'. My pg_hba.conf file looks as follows: -

host         all         127.0.0.1           255.255.255.0        ident
sameuser
host         all         0.0.0.0              0.0.0.0
password

I assumed that the above would solve my problem, which it only half manages.
The local client connections are working correctly after putting
PGHOST=localhost as an environment variable.

HOWEVER when I connect via an internet site it will not allow a connection
(password auth.), the error I get is: -

DBI->connect failed: No pg_hba.conf entry for host localhost, user usr,
database db

Is this because connections from the internet are currently being made as
unix domain sockets instead of tcp/ip loopback via apache? If so how do I
distinguish between internet and local connections. Does anyone know if I
should be looking at apache for the solution or is it somethin subtle in
postgres that I am missing?

Thanks

Graham



Attachment

Re: Authentication Problems

From
jdassen@cistron.nl (J.H.M. Dassen (Ray))
Date:
Graham Vickrage <graham@digitalplanit.com> wrote:
>HOWEVER when I connect via an internet site

Please define "connect via an internet site". Do you
a) connect using a PostgreSQL client (e.g. "psql") on a remote host, or
b) connect using HTTP to a server which executes CGI scripts that run
   on the server and connect to the PostgreSQL database.

If a), the connection is through TCP/IP sockets.
If b), it depends on the scripts.

HTH,
Ray
--
Cyberspace, a final frontier. These are the voyages of my messages,
on a lightspeed mission to explore strange new systems and to boldly go
where no data has gone before.

Re: Authentication Problems

From
Peter Eisentraut
Date:
Graham Vickrage writes:

> host         all         127.0.0.1           255.255.255.0        ident sameuser
> host         all         0.0.0.0              0.0.0.0 password
>
> I assumed that the above would solve my problem, which it only half manages.
> The local client connections are working correctly after putting
> PGHOST=localhost as an environment variable.
>
> HOWEVER when I connect via an internet site it will not allow a connection
> (password auth.), the error I get is: -
>
> DBI->connect failed: No pg_hba.conf entry for host localhost, user usr,
> database db

When the "internet site" is actually the localhost, then the first record
will match.  However, that record will not allow the connection because
"sameuser" is not the case.

> Is this because connections from the internet are currently being made as
> unix domain sockets instead of tcp/ip loopback via apache? If so how do I
> distinguish between internet and local connections.

If the connection is via Unix domain sockets, then you'd get a different
error message.

--
Peter Eisentraut      peter_e@gmx.net       http://yi.org/peter-e/