Thread: ident sameuser failure

ident sameuser failure

From
Stephen Harris
Date:
Hi all, I have a problem that I am chasing and getting nowhere with.
Can anyone help?
I have postgresql-7.2.1-5 running as the server on a redhat7.3 box.
I am connecting from a redhat8.0 box with postgresql-7.2.2-1 using both
psql and pgaccess.
My pg_hba.conf looks like this:

local   all     ident   sameuser
host       testuserdb    192.168.0.0    255.255.255.0   ident     sameuser
host       testdb        192.168.0.0    255.255.255.0   password

Now the scenenario is like this:

User test can connect to database testdb with a password.
User testuser cannot connect to database testuserdb and gets these errors
psql -h workbench -d testuserdb -U testuser
psql: FATAL 1:  IDENT authentication failed for user "testuser"

on the server I made (as postgres) the users test and testuser, then
became each user and created the testdb and testuserdb.

I have tried making a usermap in pg_ident.conf

testuser                testuser        testuser

and tried the line

host       testuserdb    192.168.0.0    255.255.255.0 ident testuser

But still no change.
Testuser can connect if AUTH_TYPE is trust however.

Can anyone lend a pinch of advice that may be the problem here?
many thanks
Stephen.



Computer Concepts Limited
25 Leslie Hills Drive
PO Box 8744 Riccarton
Christchurch, New Zealand

Phone:  +64-3-348-2500
Fax:    +64-3-343-7569

Notice of confidential information:
The information contained in this e-mail message is
confidential information and may also be legally privileged,
intended only for the individual or entity named above.
If you are not the intended recipient you are hereby
notified that any use, review, dissemination, distribution
or copying of this document is strictly prohibited.
If you have received this document in error, please
immediately notify the sender by telephone and destroy the
message. Thank you.

Re: ident sameuser failure

From
Tom Lane
Date:
Stephen Harris <sharris@concepts.co.nz> writes:
> User testuser cannot connect to database testuserdb and gets these errors
> psql -h workbench -d testuserdb -U testuser
> psql: FATAL 1:  IDENT authentication failed for user "testuser"

Are you in fact running an IDENT server?

If so, try looking in the postmaster's log (stderr output) to get more
info about the problem.

            regards, tom lane

Re: ident sameuser failure

From
Stephen Harris
Date:
Tom Lane wrote:

>Stephen Harris <sharris@concepts.co.nz> writes:
>
>
>>User testuser cannot connect to database testuserdb and gets these errors
>>psql -h workbench -d testuserdb -U testuser
>>psql: FATAL 1:  IDENT authentication failed for user "testuser"
>>
>>
>
>Are you in fact running an IDENT server?
>
>If so, try looking in the postmaster's log (stderr output) to get more
>info about the problem.
>
>
>
I wasnt.
I have set that up now and increased the verbosity of logging.
Unfortunatly, this has not changed the behaviour at all.
ie:
Feb 26 14:59:17 workbench postgres[4243]: [20] FATAL 1:  IDENT
authentication failed for user "testuser"
Is there an undocumented feature that requires ident tcp connections to
authenticate to postmaster and thereby disabling the sameuser ?
Has anyone else had success with this?
Best Regards
Stephen



Computer Concepts Limited
25 Leslie Hills Drive
PO Box 8744 Riccarton
Christchurch, New Zealand

Phone:  +64-3-348-2500
Fax:    +64-3-343-7569

Notice of confidential information:
The information contained in this e-mail message is
confidential information and may also be legally privileged,
intended only for the individual or entity named above.
If you are not the intended recipient you are hereby
notified that any use, review, dissemination, distribution
or copying of this document is strictly prohibited.
If you have received this document in error, please
immediately notify the sender by telephone and destroy the
message. Thank you.

Re: ident sameuser failure

From
Tom Lane
Date:
Stephen Harris <sharris@concepts.co.nz> writes:
> I have set that up now and increased the verbosity of logging.
> Unfortunatly, this has not changed the behaviour at all.
> ie:
> Feb 26 14:59:17 workbench postgres[4243]: [20] FATAL 1:  IDENT
> authentication failed for user "testuser"

Hm ... what PG version are you running, and how are you doing logging?
There should definitely be some other informational messages coming out.
But it useta be that those were just fprintf'd to stderr, so if you are
using syslog logging you might lose them.  I'd suggest restarting the
postmaster with stderr redirected into a file (and *don't* use the -S
switch).

            regards, tom lane

Re: ident sameuser failure

From
Stephen Harris
Date:
Well, I'll be ...

I changed postmaster to log to a file, but that didnt reveal much.
I upped the syslog vebosity to debug in  identd.conf and added an entry
daemon.*       /var/log/postmaster.log in syslog.conf.
Then as user sharris I did:
   psql -h workbench -d testuserdb -U testuser
While doing tail -f /var/log/postmaster.log
I saw
    Feb 27 00:47:05 freeflight identd[20989]: reply to 192.168.0.141:
36458, 5432 : USERID : OTHER :504
So that got me wondering, does the U switch work?
So I su - 'ed testuser and did
    psql -h workbench -d testuserdb
I saw
    Feb 27 00:49:53 freeflight identd[21082]: reply to 192.168.0.141:
36465, 5432 : USERID : OTHER :testuser
And was given the database shell.
Testusers uid on the client is 1293 and on the server is 501.
However, as soon as I stop identd it stops working.
So you were right, it all comes down to identd, but the U switch in psql
should of worked?
Perhaps I should make the uids match?
Many thanks
Stephen.


Computer Concepts Limited
25 Leslie Hills Drive
PO Box 8744 Riccarton
Christchurch, New Zealand

Phone:  +64-3-348-2500
Fax:    +64-3-343-7569

Notice of confidential information:
The information contained in this e-mail message is
confidential information and may also be legally privileged,
intended only for the individual or entity named above.
If you are not the intended recipient you are hereby
notified that any use, review, dissemination, distribution
or copying of this document is strictly prohibited.
If you have received this document in error, please
immediately notify the sender by telephone and destroy the
message. Thank you.