Thread: usernames and passwords
Hi . I have a server running PostgreSQL Version 6.5, and i have a problem. I grant some distinct privileges to some users (and that works). The problem is that those users can log in with any password. Each user has a password assigned but not matter the password the user use to log in, if the user exists always will get access to the database. Has anybony an idea? Any response will be wellcome. Thanks for all. Vicent Vives.
On Mon, 2002-07-22 at 11:16, Vicente Vives wrote: > > Hi . > I have a server running PostgreSQL Version 6.5, and i have a problem. > I grant some distinct privileges to some users (and that works). The > problem > is that those users can log in with any password. Each user has a > password > assigned but not matter the password the user use to log in, if the user > exists always will get access to the database. Look at $PGDATA/pg_hba.conf This self-documenting file contains the access parameters. Incidentally, version 6.5 is very old and buggy. You should consider upgrading to the current version, 7.2.1 -- Oliver Elphick Oliver.Elphick@lfix.co.uk Isle of Wight, UK http://www.lfix.co.uk/oliver GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C ======================================== "Then Peter and the other apostles answered and said, We ought to obey God rather than men." Acts 5:29
On Mon, Jul 22, 2002 at 12:16:53PM +0200, Vicente Vives wrote:
> Hi .
Hello!
> I have a server running PostgreSQL Version 6.5, and i have a problem.
> I grant some distinct privileges to some users (and that works). The
> problem
> is that those users can log in with any password. Each user has a
> password
> assigned but not matter the password the user use to log in, if the user
> exists always will get access to the database.
Go to your $PGDATA directory, and check your pg_hba.conf. That's
file where you can confiure access do your db - it is wery well commented,
read it and you will find out what to do (if not, go to docs and read about
pg_hba.conf). It looks, that you may have "trust" enabled for local
connections (or for whatever way they are connecting), or something like
that, and that is why users are authenticated without their passwords.
Best regards,
--
--- Artur Pietruk, arturp@plukwa.net
Artur Pietruk wrote: > > On Mon, Jul 22, 2002 at 12:16:53PM +0200, Vicente Vives wrote: > > Hi . > > Hello! > > > I have a server running PostgreSQL Version 6.5, and i have a problem. > > I grant some distinct privileges to some users (and that works). The > > problem > > is that those users can log in with any password. Each user has a > > password > > assigned but not matter the password the user use to log in, if the user > > exists always will get access to the database. > > Go to your $PGDATA directory, and check your pg_hba.conf. That's > file where you can confiure access do your db - it is wery well commented, > read it and you will find out what to do (if not, go to docs and read about > pg_hba.conf). It looks, that you may have "trust" enabled for local > connections (or for whatever way they are connecting), or something like > that, and that is why users are authenticated without their passwords. > That's correct! In my pg_hba.conf the option 'trust' was enabled. If i changed it to 'crypt' the users can access correctly. Thank you very much! Vicent Vives.