Thread: pg_hba.conf

pg_hba.conf

From
Date:

I’m trying to access our test postgreSQL server via VPN and even though I already setup the host for the vpn’s ip address, I’m still getting an error similar to “host for vpn address does not exist”

 

What am I doing incorrectly?

 

Thanks!

- Lily Anne

 

 

Re: pg_hba.conf

From
Robert Treat
Date:
On Thu, 2004-05-20 at 19:52, LSanchez@ameritrade.com wrote:
> I'm trying to access our test postgreSQL server via VPN and even though
> I already setup the host for the vpn's ip address, I'm still getting an
> error similar to "host for vpn address does not exist"
>
> What am I doing incorrectly?
>

The error similar to that that I am thinking of would indicate that the
ip address of your client machine does not fall into the scheme laid out
in your pg_hba.conf. Most likely you need to add your home machines ip
into the pg_hba.conf (or open up one of the existing entries to include
the machine your connecting from)

HTH

Robert Treat
--
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL


Re: pg_hba.conf

From
Date:
Thanks Robert!

I did that as well and still didn't work. Any other ideas?

-----Original Message-----
From: Robert Treat [mailto:xzilla@users.sourceforge.net]
Sent: Friday, May 21, 2004 4:41 PM
To: LSanchez@ameritrade.com
Cc: pgsql-admin@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf

On Thu, 2004-05-20 at 19:52, LSanchez@ameritrade.com wrote:
> I'm trying to access our test postgreSQL server via VPN and even
though
> I already setup the host for the vpn's ip address, I'm still getting
an
> error similar to "host for vpn address does not exist"
>
> What am I doing incorrectly?
>

The error similar to that that I am thinking of would indicate that the
ip address of your client machine does not fall into the scheme laid out
in your pg_hba.conf. Most likely you need to add your home machines ip
into the pg_hba.conf (or open up one of the existing entries to include
the machine your connecting from)

HTH

Robert Treat
--
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL


Re: pg_hba.conf

From
Robert Treat
Date:
can you ping the server that postgresql is living on?  or maybe your
misrepresenting the error message...  what program are you using to try and
connect? can you verify that tcpip_sockets is turned on the server? also, if
it is a database problem there will be an exact error message being reported
in the logs of type FATAL, can you send us that?

Robert Treat

On Friday 21 May 2004 17:01, LSanchez@ameritrade.com wrote:
> Thanks Robert!
>
> I did that as well and still didn't work. Any other ideas?
>
> -----Original Message-----
> From: Robert Treat [mailto:xzilla@users.sourceforge.net]
> Sent: Friday, May 21, 2004 4:41 PM
> To: LSanchez@ameritrade.com
> Cc: pgsql-admin@postgresql.org
> Subject: Re: [ADMIN] pg_hba.conf
>
> On Thu, 2004-05-20 at 19:52, LSanchez@ameritrade.com wrote:
> > I'm trying to access our test postgreSQL server via VPN and even
>
> though
>
> > I already setup the host for the vpn's ip address, I'm still getting
>
> an
>
> > error similar to "host for vpn address does not exist"
> >
> > What am I doing incorrectly?
>
> The error similar to that that I am thinking of would indicate that the
> ip address of your client machine does not fall into the scheme laid out
> in your pg_hba.conf. Most likely you need to add your home machines ip
> into the pg_hba.conf (or open up one of the existing entries to include
> the machine your connecting from)
>
> HTH
>
> Robert Treat

--
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL

Re: pg_hba.conf

From
Date:
Yes I can ping the server if not connected via VPN.

I'm using EMS PostgreSQL Manager, which works if not via VPN.

Yes, postgresql.conf's tcpip_socket = true.

The log says: FATAL: No pg_hba.conf entry for host 10.29.15.113, user
postgres, database TEST.

Thanks for your help!

Regards,
- Lily Anne


-----Original Message-----
From: Robert Treat [mailto:xzilla@users.sourceforge.net]
Sent: Friday, May 21, 2004 8:04 PM
To: LSanchez@ameritrade.com
Cc: pgsql-admin@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf

can you ping the server that postgresql is living on?  or maybe your
misrepresenting the error message...  what program are you using to try
and
connect? can you verify that tcpip_sockets is turned on the server?
also, if
it is a database problem there will be an exact error message being
reported
in the logs of type FATAL, can you send us that?

Robert Treat

On Friday 21 May 2004 17:01, LSanchez@ameritrade.com wrote:
> Thanks Robert!
>
> I did that as well and still didn't work. Any other ideas?
>
> -----Original Message-----
> From: Robert Treat [mailto:xzilla@users.sourceforge.net]
> Sent: Friday, May 21, 2004 4:41 PM
> To: LSanchez@ameritrade.com
> Cc: pgsql-admin@postgresql.org
> Subject: Re: [ADMIN] pg_hba.conf
>
> On Thu, 2004-05-20 at 19:52, LSanchez@ameritrade.com wrote:
> > I'm trying to access our test postgreSQL server via VPN and even
>
> though
>
> > I already setup the host for the vpn's ip address, I'm still getting
>
> an
>
> > error similar to "host for vpn address does not exist"
> >
> > What am I doing incorrectly?
>
> The error similar to that that I am thinking of would indicate that
the
> ip address of your client machine does not fall into the scheme laid
out
> in your pg_hba.conf. Most likely you need to add your home machines ip
> into the pg_hba.conf (or open up one of the existing entries to
include
> the machine your connecting from)
>
> HTH
>
> Robert Treat

--
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL

Re: pg_hba.conf

From
Mike G
Date:
Your ip address range is probably different when connecting via a VPN rather than in the office.  By default postgres
willnot allow connections from other locations even if tcpip_socket is true without specifying an ip address range,
databaseetc. 

Checkout the docs.  There is a section on pg_hba.conf.

Mike

On Mon, May 24, 2004 at 01:02:12PM -0400, LSanchez@ameritrade.com wrote:
> Yes I can ping the server if not connected via VPN.
>
> I'm using EMS PostgreSQL Manager, which works if not via VPN.
>
> Yes, postgresql.conf's tcpip_socket = true.
>
> The log says: FATAL: No pg_hba.conf entry for host 10.29.15.113, user
> postgres, database TEST.
>
> Thanks for your help!
>
> Regards,
> - Lily Anne
>
>
> -----Original Message-----
> From: Robert Treat [mailto:xzilla@users.sourceforge.net]
> Sent: Friday, May 21, 2004 8:04 PM
> To: LSanchez@ameritrade.com
> Cc: pgsql-admin@postgresql.org
> Subject: Re: [ADMIN] pg_hba.conf
>
> can you ping the server that postgresql is living on?  or maybe your
> misrepresenting the error message...  what program are you using to try
> and
> connect? can you verify that tcpip_sockets is turned on the server?
> also, if
> it is a database problem there will be an exact error message being
> reported
> in the logs of type FATAL, can you send us that?
>
> Robert Treat
>
> On Friday 21 May 2004 17:01, LSanchez@ameritrade.com wrote:
> > Thanks Robert!
> >
> > I did that as well and still didn't work. Any other ideas?
> >
> > -----Original Message-----
> > From: Robert Treat [mailto:xzilla@users.sourceforge.net]
> > Sent: Friday, May 21, 2004 4:41 PM
> > To: LSanchez@ameritrade.com
> > Cc: pgsql-admin@postgresql.org
> > Subject: Re: [ADMIN] pg_hba.conf
> >
> > On Thu, 2004-05-20 at 19:52, LSanchez@ameritrade.com wrote:
> > > I'm trying to access our test postgreSQL server via VPN and even
> >
> > though
> >
> > > I already setup the host for the vpn's ip address, I'm still getting
> >
> > an
> >
> > > error similar to "host for vpn address does not exist"
> > >
> > > What am I doing incorrectly?
> >
> > The error similar to that that I am thinking of would indicate that
> the
> > ip address of your client machine does not fall into the scheme laid
> out
> > in your pg_hba.conf. Most likely you need to add your home machines ip
> > into the pg_hba.conf (or open up one of the existing entries to
> include
> > the machine your connecting from)
> >
> > HTH
> >
> > Robert Treat
>
> --
> Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster

Re: pg_hba.conf

From
Date:
Thanks Mike!

I already specified the IP address that was specified by my VPN
connection. I read through the docs and found nothing about anything
special with VPN connections.

Regards,
- Lily Anne

-----Original Message-----
From: Mike G [mailto:mike@thegodshalls.com]
Sent: Monday, May 24, 2004 10:23 PM
To: LSanchez@ameritrade.com
Cc: xzilla@users.sourceforge.net; pgsql-admin@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf

Your ip address range is probably different when connecting via a VPN
rather than in the office.  By default postgres will not allow
connections from other locations even if tcpip_socket is true without
specifying an ip address range, database etc.

Checkout the docs.  There is a section on pg_hba.conf.

Mike

On Mon, May 24, 2004 at 01:02:12PM -0400, LSanchez@ameritrade.com wrote:
> Yes I can ping the server if not connected via VPN.
>
> I'm using EMS PostgreSQL Manager, which works if not via VPN.
>
> Yes, postgresql.conf's tcpip_socket = true.
>
> The log says: FATAL: No pg_hba.conf entry for host 10.29.15.113, user
> postgres, database TEST.
>
> Thanks for your help!
>
> Regards,
> - Lily Anne
>
>
> -----Original Message-----
> From: Robert Treat [mailto:xzilla@users.sourceforge.net]
> Sent: Friday, May 21, 2004 8:04 PM
> To: LSanchez@ameritrade.com
> Cc: pgsql-admin@postgresql.org
> Subject: Re: [ADMIN] pg_hba.conf
>
> can you ping the server that postgresql is living on?  or maybe your
> misrepresenting the error message...  what program are you using to
try
> and
> connect? can you verify that tcpip_sockets is turned on the server?
> also, if
> it is a database problem there will be an exact error message being
> reported
> in the logs of type FATAL, can you send us that?
>
> Robert Treat
>
> On Friday 21 May 2004 17:01, LSanchez@ameritrade.com wrote:
> > Thanks Robert!
> >
> > I did that as well and still didn't work. Any other ideas?
> >
> > -----Original Message-----
> > From: Robert Treat [mailto:xzilla@users.sourceforge.net]
> > Sent: Friday, May 21, 2004 4:41 PM
> > To: LSanchez@ameritrade.com
> > Cc: pgsql-admin@postgresql.org
> > Subject: Re: [ADMIN] pg_hba.conf
> >
> > On Thu, 2004-05-20 at 19:52, LSanchez@ameritrade.com wrote:
> > > I'm trying to access our test postgreSQL server via VPN and even
> >
> > though
> >
> > > I already setup the host for the vpn's ip address, I'm still
getting
> >
> > an
> >
> > > error similar to "host for vpn address does not exist"
> > >
> > > What am I doing incorrectly?
> >
> > The error similar to that that I am thinking of would indicate that
> the
> > ip address of your client machine does not fall into the scheme laid
> out
> > in your pg_hba.conf. Most likely you need to add your home machines
ip
> > into the pg_hba.conf (or open up one of the existing entries to
> include
> > the machine your connecting from)
> >
> > HTH
> >
> > Robert Treat
>
> --
> Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
>
> ---------------------------(end of
broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster

Re: pg_hba.conf

From
Tom Lane
Date:
<LSanchez@ameritrade.com> writes:
> I already specified the IP address that was specified by my VPN
> connection.

This is a long shot, but ... did you remember to SIGHUP the postmaster
after editing pg_hba.conf to allow that IP address?

            regards, tom lane

Re: pg_hba.conf

From
Date:
Yes sir, did that, too.

Thanks,
- Lily Anne

-----Original Message-----
From: Tom Lane [mailto:tgl@sss.pgh.pa.us]
Sent: Tuesday, May 25, 2004 10:50 AM
To: LSanchez@ameritrade.com
Cc: mike@thegodshalls.com; xzilla@users.sourceforge.net;
pgsql-admin@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf

<LSanchez@ameritrade.com> writes:
> I already specified the IP address that was specified by my VPN
> connection.

This is a long shot, but ... did you remember to SIGHUP the postmaster
after editing pg_hba.conf to allow that IP address?

            regards, tom lane

Re: pg_hba.conf

From
Robert Treat
Date:
I am thinking that the entry for this ip has an issue with the username and/or
database specified in the line (or maybe conflicting entries?)  Would you
mind posting your complete pg_hba.conf to the list?

Robert Treat

On Tuesday 25 May 2004 10:50, LSanchez@ameritrade.com wrote:
> Yes sir, did that, too.
>
> Thanks,
> - Lily Anne
>
> -----Original Message-----
> From: Tom Lane [mailto:tgl@sss.pgh.pa.us]
> Sent: Tuesday, May 25, 2004 10:50 AM
> To: LSanchez@ameritrade.com
> Cc: mike@thegodshalls.com; xzilla@users.sourceforge.net;
> pgsql-admin@postgresql.org
> Subject: Re: [ADMIN] pg_hba.conf
>
> <LSanchez@ameritrade.com> writes:
> > I already specified the IP address that was specified by my VPN
> > connection.
>
> This is a long shot, but ... did you remember to SIGHUP the postmaster
> after editing pg_hba.conf to allow that IP address?
>
>             regards, tom lane

--
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL

Re: pg_hba.conf

From
Date:
Here it is....

Thanks! :)

-----Original Message-----
From: Robert Treat [mailto:xzilla@users.sourceforge.net]
Sent: Tuesday, May 25, 2004 1:02 PM
To: LSanchez@ameritrade.com
Cc: mike@thegodshalls.com; pgsql-admin@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf

I am thinking that the entry for this ip has an issue with the username
and/or
database specified in the line (or maybe conflicting entries?)  Would
you
mind posting your complete pg_hba.conf to the list?

Robert Treat

On Tuesday 25 May 2004 10:50, LSanchez@ameritrade.com wrote:
> Yes sir, did that, too.
>
> Thanks,
> - Lily Anne
>
> -----Original Message-----
> From: Tom Lane [mailto:tgl@sss.pgh.pa.us]
> Sent: Tuesday, May 25, 2004 10:50 AM
> To: LSanchez@ameritrade.com
> Cc: mike@thegodshalls.com; xzilla@users.sourceforge.net;
> pgsql-admin@postgresql.org
> Subject: Re: [ADMIN] pg_hba.conf
>
> <LSanchez@ameritrade.com> writes:
> > I already specified the IP address that was specified by my VPN
> > connection.
>
> This is a long shot, but ... did you remember to SIGHUP the postmaster
> after editing pg_hba.conf to allow that IP address?
>
>             regards, tom lane

--
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL

Attachment

Re: pg_hba.conf

From
Tom Lane
Date:
<LSanchez@ameritrade.com> writes:
> Here it is....

> host   all      all             10.29.15.0      255.255.255.0  trust

That line certainly ought to match your connection.  I think this has
got to be pilot error: either you didn't SIGHUP the postmaster or you
are editing the wrong copy of the file.  (The right copy is
$PGDATA/pg_hba.conf.)

            regards, tom lane

Re: pg_hba.conf

From
Date:
Um, I restarted postmaster so many times already after I made the entry
and this is the only pg_hba.conf file in our server (you're right,
$PGDATA/pg_hba.conf). It's a brand new server that had just been built.

Have you tried connecting to your pgSQL server via VPN?

Thanks!

-----Original Message-----
From: Tom Lane [mailto:tgl@sss.pgh.pa.us]
Sent: Tuesday, May 25, 2004 2:51 PM
To: LSanchez@ameritrade.com
Cc: xzilla@users.sourceforge.net; mike@thegodshalls.com;
pgsql-admin@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf

<LSanchez@ameritrade.com> writes:
> Here it is....

> host   all      all             10.29.15.0      255.255.255.0  trust

That line certainly ought to match your connection.  I think this has
got to be pilot error: either you didn't SIGHUP the postmaster or you
are editing the wrong copy of the file.  (The right copy is
$PGDATA/pg_hba.conf.)

            regards, tom lane

Re: pg_hba.conf

From
Date:
Or it might be a security issue with how our VPN is setup. I'll talk to
our security folks and see what they will find.

Thanks!



-----Original Message-----
From: Sanchez, Lily
Sent: Tuesday, May 25, 2004 2:55 PM
To: 'Tom Lane'
Cc: xzilla@users.sourceforge.net; mike@thegodshalls.com;
pgsql-admin@postgresql.org
Subject: RE: [ADMIN] pg_hba.conf

Um, I restarted postmaster so many times already after I made the entry
and this is the only pg_hba.conf file in our server (you're right,
$PGDATA/pg_hba.conf). It's a brand new server that had just been built.

Have you tried connecting to your pgSQL server via VPN?

Thanks!

-----Original Message-----
From: Tom Lane [mailto:tgl@sss.pgh.pa.us]
Sent: Tuesday, May 25, 2004 2:51 PM
To: LSanchez@ameritrade.com
Cc: xzilla@users.sourceforge.net; mike@thegodshalls.com;
pgsql-admin@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf

<LSanchez@ameritrade.com> writes:
> Here it is....

> host   all      all             10.29.15.0      255.255.255.0  trust

That line certainly ought to match your connection.  I think this has
got to be pilot error: either you didn't SIGHUP the postmaster or you
are editing the wrong copy of the file.  (The right copy is
$PGDATA/pg_hba.conf.)

            regards, tom lane

Re: pg_hba.conf

From
jseymour@LinxNet.com (Jim Seymour)
Date:
<LSanchez@ameritrade.com> wrote:
>
> Thanks Mike!
>
> I already specified the IP address that was specified by my VPN
> connection. I read through the docs and found nothing about anything
> special with VPN connections.

Which address?  The address at your end of the connection may not be
the same as the address at the other end: The end trying to connect to
the pgsql server.

It appears from this

    "The log says: FATAL: No pg_hba.conf entry for host 10.29.15.113, ..."

the pgsql server sees (or saw) you coming from 10.29.15.113.  So is
that address, or a superset of it, in pg_hba.conf?  Has the server been
kicked in the pants to recognize the config change since it was added?

Jim

Re: pg_hba.conf

From
mike g
Date:
Hmm....

Looks like I am still in the same boat you are.

I still cannot log into my db over a VPN connection using pgadminIII.

Everytime I try and connect I get a "Server terminated connection
unexpectedly error".

I originally received the pg_hba.conf entry complaint as well but after
adding and restarting the system the above is all I get.

I tried specifying pgadmin to prefer SSL connection, and changed
pg_hba.conf entry to expect SSL from my VPN connection entry.


On Tue, 2004-05-25 at 08:42, LSanchez@ameritrade.com wrote:
> Thanks Mike!
>
> I already specified the IP address that was specified by my VPN
> connection. I read through the docs and found nothing about anything
> special with VPN connections.
>
> Regards,
> - Lily Anne
>
> -----Original Message-----
> From: Mike G [mailto:mike@thegodshalls.com]
> Sent: Monday, May 24, 2004 10:23 PM
> To: LSanchez@ameritrade.com
> Cc: xzilla@users.sourceforge.net; pgsql-admin@postgresql.org
> Subject: Re: [ADMIN] pg_hba.conf
>
> Your ip address range is probably different when connecting via a VPN
> rather than in the office.  By default postgres will not allow
> connections from other locations even if tcpip_socket is true without
> specifying an ip address range, database etc.
>
> Checkout the docs.  There is a section on pg_hba.conf.
>
> Mike
>
> On Mon, May 24, 2004 at 01:02:12PM -0400, LSanchez@ameritrade.com wrote:
> > Yes I can ping the server if not connected via VPN.
> >
> > I'm using EMS PostgreSQL Manager, which works if not via VPN.
> >
> > Yes, postgresql.conf's tcpip_socket = true.
> >
> > The log says: FATAL: No pg_hba.conf entry for host 10.29.15.113, user
> > postgres, database TEST.
> >
> > Thanks for your help!
> >
> > Regards,
> > - Lily Anne
> >
> >
> > -----Original Message-----
> > From: Robert Treat [mailto:xzilla@users.sourceforge.net]
> > Sent: Friday, May 21, 2004 8:04 PM
> > To: LSanchez@ameritrade.com
> > Cc: pgsql-admin@postgresql.org
> > Subject: Re: [ADMIN] pg_hba.conf
> >
> > can you ping the server that postgresql is living on?  or maybe your
> > misrepresenting the error message...  what program are you using to
> try
> > and
> > connect? can you verify that tcpip_sockets is turned on the server?
> > also, if
> > it is a database problem there will be an exact error message being
> > reported
> > in the logs of type FATAL, can you send us that?
> >
> > Robert Treat
> >
> > On Friday 21 May 2004 17:01, LSanchez@ameritrade.com wrote:
> > > Thanks Robert!
> > >
> > > I did that as well and still didn't work. Any other ideas?
> > >
> > > -----Original Message-----
> > > From: Robert Treat [mailto:xzilla@users.sourceforge.net]
> > > Sent: Friday, May 21, 2004 4:41 PM
> > > To: LSanchez@ameritrade.com
> > > Cc: pgsql-admin@postgresql.org
> > > Subject: Re: [ADMIN] pg_hba.conf
> > >
> > > On Thu, 2004-05-20 at 19:52, LSanchez@ameritrade.com wrote:
> > > > I'm trying to access our test postgreSQL server via VPN and even
> > >
> > > though
> > >
> > > > I already setup the host for the vpn's ip address, I'm still
> getting
> > >
> > > an
> > >
> > > > error similar to "host for vpn address does not exist"
> > > >
> > > > What am I doing incorrectly?
> > >
> > > The error similar to that that I am thinking of would indicate that
> > the
> > > ip address of your client machine does not fall into the scheme laid
> > out
> > > in your pg_hba.conf. Most likely you need to add your home machines
> ip
> > > into the pg_hba.conf (or open up one of the existing entries to
> > include
> > > the machine your connecting from)
> > >
> > > HTH
> > >
> > > Robert Treat
> >
> > --
> > Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
> >
> > ---------------------------(end of
> broadcast)---------------------------
> > TIP 4: Don't 'kill -9' the postmaster
>
> ---------------------------(end of broadcast)---------------------------
> TIP 7: don't forget to increase your free space map settings

Re: pg_hba.conf

From
mike g
Date:
Hello,

I believe I found my problem.  The Cisco VPN client I use encrypts data
at a 168 bit level.  Postgres only supports up to 128 bit correct?

Mike

On Tue, 2004-05-25 at 23:12, mike g wrote:
> Hmm....
>
> Looks like I am still in the same boat you are.
>
> I still cannot log into my db over a VPN connection using pgadminIII.
>
> Everytime I try and connect I get a "Server terminated connection
> unexpectedly error".
>
> I originally received the pg_hba.conf entry complaint as well but after
> adding and restarting the system the above is all I get.
>
> I tried specifying pgadmin to prefer SSL connection, and changed
> pg_hba.conf entry to expect SSL from my VPN connection entry.
>
>
> On Tue, 2004-05-25 at 08:42, LSanchez@ameritrade.com wrote:
> > Thanks Mike!
> >
> > I already specified the IP address that was specified by my VPN
> > connection. I read through the docs and found nothing about anything
> > special with VPN connections.
> >
> > Regards,
> > - Lily Anne
> >
> > -----Original Message-----
> > From: Mike G [mailto:mike@thegodshalls.com]
> > Sent: Monday, May 24, 2004 10:23 PM
> > To: LSanchez@ameritrade.com
> > Cc: xzilla@users.sourceforge.net; pgsql-admin@postgresql.org
> > Subject: Re: [ADMIN] pg_hba.conf
> >
> > Your ip address range is probably different when connecting via a VPN
> > rather than in the office.  By default postgres will not allow
> > connections from other locations even if tcpip_socket is true without
> > specifying an ip address range, database etc.
> >
> > Checkout the docs.  There is a section on pg_hba.conf.
> >
> > Mike
> >
> > On Mon, May 24, 2004 at 01:02:12PM -0400, LSanchez@ameritrade.com wrote:
> > > Yes I can ping the server if not connected via VPN.
> > >
> > > I'm using EMS PostgreSQL Manager, which works if not via VPN.
> > >
> > > Yes, postgresql.conf's tcpip_socket = true.
> > >
> > > The log says: FATAL: No pg_hba.conf entry for host 10.29.15.113, user
> > > postgres, database TEST.
> > >
> > > Thanks for your help!
> > >
> > > Regards,
> > > - Lily Anne
> > >
> > >
> > > -----Original Message-----
> > > From: Robert Treat [mailto:xzilla@users.sourceforge.net]
> > > Sent: Friday, May 21, 2004 8:04 PM
> > > To: LSanchez@ameritrade.com
> > > Cc: pgsql-admin@postgresql.org
> > > Subject: Re: [ADMIN] pg_hba.conf
> > >
> > > can you ping the server that postgresql is living on?  or maybe your
> > > misrepresenting the error message...  what program are you using to
> > try
> > > and
> > > connect? can you verify that tcpip_sockets is turned on the server?
> > > also, if
> > > it is a database problem there will be an exact error message being
> > > reported
> > > in the logs of type FATAL, can you send us that?
> > >
> > > Robert Treat
> > >
> > > On Friday 21 May 2004 17:01, LSanchez@ameritrade.com wrote:
> > > > Thanks Robert!
> > > >
> > > > I did that as well and still didn't work. Any other ideas?
> > > >
> > > > -----Original Message-----
> > > > From: Robert Treat [mailto:xzilla@users.sourceforge.net]
> > > > Sent: Friday, May 21, 2004 4:41 PM
> > > > To: LSanchez@ameritrade.com
> > > > Cc: pgsql-admin@postgresql.org
> > > > Subject: Re: [ADMIN] pg_hba.conf
> > > >
> > > > On Thu, 2004-05-20 at 19:52, LSanchez@ameritrade.com wrote:
> > > > > I'm trying to access our test postgreSQL server via VPN and even
> > > >
> > > > though
> > > >
> > > > > I already setup the host for the vpn's ip address, I'm still
> > getting
> > > >
> > > > an
> > > >
> > > > > error similar to "host for vpn address does not exist"
> > > > >
> > > > > What am I doing incorrectly?
> > > >
> > > > The error similar to that that I am thinking of would indicate that
> > > the
> > > > ip address of your client machine does not fall into the scheme laid
> > > out
> > > > in your pg_hba.conf. Most likely you need to add your home machines
> > ip
> > > > into the pg_hba.conf (or open up one of the existing entries to
> > > include
> > > > the machine your connecting from)
> > > >
> > > > HTH
> > > >
> > > > Robert Treat
> > >
> > > --
> > > Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
> > >
> > > ---------------------------(end of
> > broadcast)---------------------------
> > > TIP 4: Don't 'kill -9' the postmaster
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 7: don't forget to increase your free space map settings

Re: pg_hba.conf

From
jseymour@LinxNet.com (Jim Seymour)
Date:
>
> Hello,
>
> I believe I found my problem.  The Cisco VPN client I use encrypts data
> at a 168 bit level.  Postgres only supports up to 128 bit correct?

That's your VPN's end-to-end/network-to-network connectivity.  It has
nothing to do with PostgreSQL at all.

(Note: Please do NOT copy me on replies.  I do read the mailing
list.)

Jim

Re: pg_hba.conf

From
Date:
Thanks Mike!

Do you know if pgSQL will be supporting higher level of encryption in
the near future? Most of us here at Ameritrade work from home via VPN.


-----Original Message-----
From: mike g [mailto:mike@thegodshalls.com]
Sent: Wednesday, May 26, 2004 12:51 AM
To: LSanchez@ameritrade.com
Cc: xzilla@users.sourceforge.net; pgsql-admin@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf

Hello,

I believe I found my problem.  The Cisco VPN client I use encrypts data
at a 168 bit level.  Postgres only supports up to 128 bit correct?

Mike

On Tue, 2004-05-25 at 23:12, mike g wrote:
> Hmm....
>
> Looks like I am still in the same boat you are.
>
> I still cannot log into my db over a VPN connection using pgadminIII.
>
> Everytime I try and connect I get a "Server terminated connection
> unexpectedly error".
>
> I originally received the pg_hba.conf entry complaint as well but
after
> adding and restarting the system the above is all I get.
>
> I tried specifying pgadmin to prefer SSL connection, and changed
> pg_hba.conf entry to expect SSL from my VPN connection entry.
>
>
> On Tue, 2004-05-25 at 08:42, LSanchez@ameritrade.com wrote:
> > Thanks Mike!
> >
> > I already specified the IP address that was specified by my VPN
> > connection. I read through the docs and found nothing about anything
> > special with VPN connections.
> >
> > Regards,
> > - Lily Anne
> >
> > -----Original Message-----
> > From: Mike G [mailto:mike@thegodshalls.com]
> > Sent: Monday, May 24, 2004 10:23 PM
> > To: LSanchez@ameritrade.com
> > Cc: xzilla@users.sourceforge.net; pgsql-admin@postgresql.org
> > Subject: Re: [ADMIN] pg_hba.conf
> >
> > Your ip address range is probably different when connecting via a
VPN
> > rather than in the office.  By default postgres will not allow
> > connections from other locations even if tcpip_socket is true
without
> > specifying an ip address range, database etc.
> >
> > Checkout the docs.  There is a section on pg_hba.conf.
> >
> > Mike
> >
> > On Mon, May 24, 2004 at 01:02:12PM -0400, LSanchez@ameritrade.com
wrote:
> > > Yes I can ping the server if not connected via VPN.
> > >
> > > I'm using EMS PostgreSQL Manager, which works if not via VPN.
> > >
> > > Yes, postgresql.conf's tcpip_socket = true.
> > >
> > > The log says: FATAL: No pg_hba.conf entry for host 10.29.15.113,
user
> > > postgres, database TEST.
> > >
> > > Thanks for your help!
> > >
> > > Regards,
> > > - Lily Anne
> > >
> > >
> > > -----Original Message-----
> > > From: Robert Treat [mailto:xzilla@users.sourceforge.net]
> > > Sent: Friday, May 21, 2004 8:04 PM
> > > To: LSanchez@ameritrade.com
> > > Cc: pgsql-admin@postgresql.org
> > > Subject: Re: [ADMIN] pg_hba.conf
> > >
> > > can you ping the server that postgresql is living on?  or maybe
your
> > > misrepresenting the error message...  what program are you using
to
> > try
> > > and
> > > connect? can you verify that tcpip_sockets is turned on the
server?
> > > also, if
> > > it is a database problem there will be an exact error message
being
> > > reported
> > > in the logs of type FATAL, can you send us that?
> > >
> > > Robert Treat
> > >
> > > On Friday 21 May 2004 17:01, LSanchez@ameritrade.com wrote:
> > > > Thanks Robert!
> > > >
> > > > I did that as well and still didn't work. Any other ideas?
> > > >
> > > > -----Original Message-----
> > > > From: Robert Treat [mailto:xzilla@users.sourceforge.net]
> > > > Sent: Friday, May 21, 2004 4:41 PM
> > > > To: LSanchez@ameritrade.com
> > > > Cc: pgsql-admin@postgresql.org
> > > > Subject: Re: [ADMIN] pg_hba.conf
> > > >
> > > > On Thu, 2004-05-20 at 19:52, LSanchez@ameritrade.com wrote:
> > > > > I'm trying to access our test postgreSQL server via VPN and
even
> > > >
> > > > though
> > > >
> > > > > I already setup the host for the vpn's ip address, I'm still
> > getting
> > > >
> > > > an
> > > >
> > > > > error similar to "host for vpn address does not exist"
> > > > >
> > > > > What am I doing incorrectly?
> > > >
> > > > The error similar to that that I am thinking of would indicate
that
> > > the
> > > > ip address of your client machine does not fall into the scheme
laid
> > > out
> > > > in your pg_hba.conf. Most likely you need to add your home
machines
> > ip
> > > > into the pg_hba.conf (or open up one of the existing entries to
> > > include
> > > > the machine your connecting from)
> > > >
> > > > HTH
> > > >
> > > > Robert Treat
> > >
> > > --
> > > Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
> > >
> > > ---------------------------(end of
> > broadcast)---------------------------
> > > TIP 4: Don't 'kill -9' the postmaster
> >
> > ---------------------------(end of
broadcast)---------------------------
> > TIP 7: don't forget to increase your free space map settings

Re: pg_hba.conf

From
Bruce Momjian
Date:
LSanchez@ameritrade.com wrote:
> Thanks Mike!
>
> Do you know if pgSQL will be supporting higher level of encryption in
> the near future? Most of us here at Ameritrade work from home via VPN.

We support SSL so you don't need VPN encryption.  However, we should
work with whatever VPN encryption you are already using too.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

Re: pg_hba.conf

From
Bruno Wolff III
Date:
On Wed, May 26, 2004 at 10:27:41 -0400,
  LSanchez@ameritrade.com wrote:
> Thanks Mike!
>
> Do you know if pgSQL will be supporting higher level of encryption in
> the near future? Most of us here at Ameritrade work from home via VPN.

The client can use ssl. That supports 128 bit keys which is plenty.
Any adversary that has the resources to brute force a 128bit key has
the resources to do black bag jobs for a lower cost. If there are other
weaknesses besides brute force attacks, increasing the key size alone
isn't going to magicly make things better.

What kinds of threats are you trying to protect against? If you are using
an encrypted link already, using ssl isn't going to add much security.

Just allowing people to connect to the database directly is a significant
risk. It is made worse by letting people do it home where the machines
may not be safely operated by the users, which are not physically secured
and for which maitainance is harder (or not being done by the company).

If you are worried about people stealing hardware with information on it,
you should be considering better physical security, proper procedures
for destroying old media and consider using encrypted file systems.

If you are looking for ideas for how to hide information from authroized
users of a database while letting them use it for some things, Peter Wayner's
book Translucent Databases might be of some interest.

> -----Original Message-----
> From: mike g [mailto:mike@thegodshalls.com]
> Sent: Wednesday, May 26, 2004 12:51 AM
> To: LSanchez@ameritrade.com
> Cc: xzilla@users.sourceforge.net; pgsql-admin@postgresql.org
> Subject: Re: [ADMIN] pg_hba.conf
>
> Hello,
>
> I believe I found my problem.  The Cisco VPN client I use encrypts data
> at a 168 bit level.  Postgres only supports up to 128 bit correct?
>
> Mike

Re: pg_hba.conf

From
Date:
Thanks so much! :)

-----Original Message-----
From: Bruce Momjian [mailto:pgman@candle.pha.pa.us]
Sent: Wednesday, May 26, 2004 10:56 AM
To: LSanchez@ameritrade.com
Cc: mike@thegodshalls.com; xzilla@users.sourceforge.net;
pgsql-admin@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf

LSanchez@ameritrade.com wrote:
> Thanks Mike!
>
> Do you know if pgSQL will be supporting higher level of encryption in
> the near future? Most of us here at Ameritrade work from home via VPN.


We support SSL so you don't need VPN encryption.  However, we should
work with whatever VPN encryption you are already using too.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania
19073

Re: pg_hba.conf

From
jseymour@linxnet.com (Jim Seymour)
Date:
Note: Please do NOT Cc: me on replies to the mailing list.  I read the
mailing list.  One copy of your comments is sufficient.  Thank you.

>
> Thanks Mike!
>
> Do you know if pgSQL will be supporting higher level of encryption in
> the near future? Most of us here at Ameritrade work from home via VPN.=20

As I told "mike g": pgsql's encryption has *nothing* to do with your
VPN's encryption.  I'm running a sort of a VPN, using port-
forwarding over OpenSSH.  In fact, from work just now...

From an xterm...
$ ssh -C -c blowfish -2 -L 57001:athome.example.com:5432 athome.example.com

What that command says is to do an SSH login to athome.example.com
and port-forward port 57001 on the local machine to port 5432 on
athome.example.com.  The "-C" says to use data compression on the
session.  The "-c blowfish" says to encrypt the session using the
Blowfish encryption algorithm.

From another xterm...
$ psql -h 127.0.0.1 -p 57001
Password:
Welcome to psql 7.4.2, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help on internal slash commands
       \g or terminate with semicolon to execute query
       \q to quit

jseymour=>

That is the pgsql server on my machine at home.

Now, in my case, it's simplified in that what pgsql sees coming in is
a connection from its own server (localhost), because the connection
is port-forwarded by SSH, rather than routed over a VPN route.  But
that's just a technicality.  The point I'm trying to make is that
pgsql doesn't care, doesn't even *know*, what the VPN connection
uses for encryption--or even that it *is* encrypted.  (Much-less that
my SSH connection travels through an application proxy firewall,
a NAT'd router, and the Lord knows how many routers and other network
equipment on the way.)

Jim

Re: pg_hba.conf

From
Chris Browne
Date:
mike@thegodshalls.com (mike g) writes:
> I believe I found my problem.  The Cisco VPN client I use encrypts data
> at a 168 bit level.  Postgres only supports up to 128 bit correct?

That ought to be entirely irrelevant, as your VPN client would encrypt
all data going across the network, encrypted or not.  Indeed, if the
VPN is encrypting the data, it is redundant to have the database
server encrypt it an extra time.

That will just make things perform poorly.

And if you have some network configuration problem, adding in extra
layers of encryption is unlikely to make it easier to solve the
problem...
--
(reverse (concatenate 'string "gro.mca" "@" "enworbbc"))
http://cbbrowne.com/info/linux.html
Howe's Law:
        Everyone has a scheme that will not work.

Re: pg_hba.conf

From
mike g
Date:
Hello,

I finally got it to work and as some have mentioned it was not the
encryption level.

I had setup my pg_hba.conf originally like this:

host   all     all     10.15.0.0       255.255.255.0   trust


I was under the impression that the .0 was supposed to be equivalent to
a wildcard entry so that any connection from 10.15 would be able to
connect.  This was not so.  By changing my pg_hba.conf to this:

host   all     all    10.15.13.0      255.255.255.0    trust

I was able to connect successfully.  The .0 works as a wildcard entry
for the last part but not the one prior.


Hope that helps you.

Mike


On Wed, 2004-05-26 at 10:25, LSanchez@ameritrade.com wrote:
> Thanks so much! :)
>
> -----Original Message-----
> From: Bruce Momjian [mailto:pgman@candle.pha.pa.us]
> Sent: Wednesday, May 26, 2004 10:56 AM
> To: LSanchez@ameritrade.com
> Cc: mike@thegodshalls.com; xzilla@users.sourceforge.net;
> pgsql-admin@postgresql.org
> Subject: Re: [ADMIN] pg_hba.conf
>
> LSanchez@ameritrade.com wrote:
> > Thanks Mike!
> >
> > Do you know if pgSQL will be supporting higher level of encryption in
> > the near future? Most of us here at Ameritrade work from home via VPN.
>
>
> We support SSL so you don't need VPN encryption.  However, we should
> work with whatever VPN encryption you are already using too.

Re: pg_hba.conf

From
"C. Bensend"
Date:
> I had setup my pg_hba.conf originally like this:
>
> host   all     all     10.15.0.0       255.255.255.0   trust
>
>
> I was under the impression that the .0 was supposed to be equivalent to
> a wildcard entry so that any connection from 10.15 would be able to
> connect.  This was not so.  By changing my pg_hba.conf to this:
>
> host   all     all    10.15.13.0      255.255.255.0    trust
>
> I was able to connect successfully.  The .0 works as a wildcard entry
> for the last part but not the one prior.

Yes, when your subnet mask is set for a /24, that's correct.

Your first attempt above allowed connections for anything in the
10.15.0/24 subnet (which 10.15.13 is not a part of).

Benny


--
"Oh, the Jedis are going to feel this one!"       -- Professor Farnsworth,
                                                     "Futurama"

Re: pg_hba.conf

From
Tom Lane
Date:
"C. Bensend" <benny@bennyvision.com> writes:
>> I had setup my pg_hba.conf originally like this:
>> host   all     all     10.15.0.0       255.255.255.0   trust
>>
>> I was under the impression that the .0 was supposed to be equivalent to
>> a wildcard entry so that any connection from 10.15 would be able to
>> connect.  This was not so.  By changing my pg_hba.conf to this:

> Yes, when your subnet mask is set for a /24, that's correct.

To expand a bit: the correct way of letting in a /16 would be

host   all     all     10.15.0.0       255.255.0.0   trust

In recent PG releases (7.4.*, not sure about 7.3) you could also write

host   all     all     10.15.0.0/16   trust

            regards, tom lane

Re: pg_hba.conf

From
Date:
Hi Mike,

That's exactly how I had mine setup all along:

host   all   all     10.29.15.0    255.255.255.0    trust

and it just doesn't work via VPN.

Thanks,
- Lily Anne



-----Original Message-----
From: mike g [mailto:mike@thegodshalls.com]
Sent: Wednesday, May 26, 2004 11:16 PM
To: LSanchez@ameritrade.com
Cc: pgsql-admin@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf

Hello,

I finally got it to work and as some have mentioned it was not the
encryption level.

I had setup my pg_hba.conf originally like this:

host   all     all     10.15.0.0       255.255.255.0   trust


I was under the impression that the .0 was supposed to be equivalent to
a wildcard entry so that any connection from 10.15 would be able to
connect.  This was not so.  By changing my pg_hba.conf to this:

host   all     all    10.15.13.0      255.255.255.0    trust

I was able to connect successfully.  The .0 works as a wildcard entry
for the last part but not the one prior.


Hope that helps you.

Mike


On Wed, 2004-05-26 at 10:25, LSanchez@ameritrade.com wrote:
> Thanks so much! :)
>
> -----Original Message-----
> From: Bruce Momjian [mailto:pgman@candle.pha.pa.us]
> Sent: Wednesday, May 26, 2004 10:56 AM
> To: LSanchez@ameritrade.com
> Cc: mike@thegodshalls.com; xzilla@users.sourceforge.net;
> pgsql-admin@postgresql.org
> Subject: Re: [ADMIN] pg_hba.conf
>
> LSanchez@ameritrade.com wrote:
> > Thanks Mike!
> >
> > Do you know if pgSQL will be supporting higher level of encryption
in
> > the near future? Most of us here at Ameritrade work from home via
VPN.
>
>
> We support SSL so you don't need VPN encryption.  However, we should
> work with whatever VPN encryption you are already using too.

Re: pg_hba.conf

From
jseymour@linxnet.com (Jim Seymour)
Date:
(Note: Please do not copy me individually on posts to the mailing
list.  I do read the list and don't need two copies.  Thanks.)

(Note2: I did Cc: this to LSanchez as she's yet to respond to any of
my prior comments, so I begin to suspect she's not getting/reading
the mailing list traffic?)

>
> Hi Mike,
>
> That's exactly how I had mine setup all along:
>
> host   all   all     10.29.15.0    255.255.255.0    trust
>
> and it just doesn't work via VPN.

Then I would suggest the server isn't seeing you coming from
10.29.15.0 through 10.29.15.255.  Then again: There's been some kind
of bug (?) mentioned lately (only on [certain versions?] of Solaris?)
where "network netmask" doesn't appear to work properly.  Try
changing the "10.29.15.0    255.255.255.0" to "10.29.15.0/24", if you
have a 7.4-series pgsql server, and see if that doesn't work.

Jim

Re: pg_hba.conf

From
"Armstrong, Marc"
Date:
Mike,

I think if you set it up like this it would have worked as well:

host   all     all     10.15.0.0       255.255.0.0   trust

Your netmask was telling it that the first three octets of the IP address
were significant.

Marc Armstrong - Webmaster - Danly IEM - 440-239-7607
marmstrong@danly.com - webmaster@danly.com
AIM: marmstro2 - Jabber: marmstro@amessage.de


-----Original Message-----
From: mike g [mailto:mike@thegodshalls.com]
Sent: Wednesday, May 26, 2004 11:16 PM
To: LSanchez@ameritrade.com
Cc: pgsql-admin@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf


Hello,

I finally got it to work and as some have mentioned it was not the
encryption level.

I had setup my pg_hba.conf originally like this:

host   all     all     10.15.0.0       255.255.255.0   trust


I was under the impression that the .0 was supposed to be equivalent to a
wildcard entry so that any connection from 10.15 would be able to connect.
This was not so.  By changing my pg_hba.conf to this:

host   all     all    10.15.13.0      255.255.255.0    trust

I was able to connect successfully.  The .0 works as a wildcard entry for
the last part but not the one prior.


Hope that helps you.

Mike


On Wed, 2004-05-26 at 10:25, LSanchez@ameritrade.com wrote:
> Thanks so much! :)
>
> -----Original Message-----
> From: Bruce Momjian [mailto:pgman@candle.pha.pa.us]
> Sent: Wednesday, May 26, 2004 10:56 AM
> To: LSanchez@ameritrade.com
> Cc: mike@thegodshalls.com; xzilla@users.sourceforge.net;
> pgsql-admin@postgresql.org
> Subject: Re: [ADMIN] pg_hba.conf
>
> LSanchez@ameritrade.com wrote:
> > Thanks Mike!
> >
> > Do you know if pgSQL will be supporting higher level of encryption
> > in the near future? Most of us here at Ameritrade work from home via
> > VPN.
>
>
> We support SSL so you don't need VPN encryption.  However, we should
> work with whatever VPN encryption you are already using too.

---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?

               http://www.postgresql.org/docs/faqs/FAQ.html


The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.  If you received
this in error, please contact the sender and delete the material from any
computer.

Re: pg_hba.conf

From
Date:
Hi Jim,

I apologize, but it seems that this is the first time that I received an
email from you, but I did receive some emails from others about this
issue, which I had been responding to. Or maybe, I'm not subscribed to
the mailing list? I'll check this out and fix it asap.

I will try what you suggested tonight, as soon as I get home.

Thanks so much for your help!

Regards,
- Lily Anne



-----Original Message-----
From: Jim Seymour [mailto:jseymour@linxnet.com]
Sent: Thursday, May 27, 2004 10:03 AM
To: pgsql-admin@postgresql.org
Cc: LSanchez@ameritrade.com
Subject: Re: [ADMIN] pg_hba.conf

(Note: Please do not copy me individually on posts to the mailing
list.  I do read the list and don't need two copies.  Thanks.)

(Note2: I did Cc: this to LSanchez as she's yet to respond to any of
my prior comments, so I begin to suspect she's not getting/reading
the mailing list traffic?)

>
> Hi Mike,
>
> That's exactly how I had mine setup all along:
>
> host   all   all     10.29.15.0    255.255.255.0    trust
>
> and it just doesn't work via VPN.

Then I would suggest the server isn't seeing you coming from
10.29.15.0 through 10.29.15.255.  Then again: There's been some kind
of bug (?) mentioned lately (only on [certain versions?] of Solaris?)
where "network netmask" doesn't appear to work properly.  Try
changing the "10.29.15.0    255.255.255.0" to "10.29.15.0/24", if you
have a 7.4-series pgsql server, and see if that doesn't work.

Jim

PHP version with postgres 7.4

From
Steve Lane
Date:
Hello all:

I have several customers that I need to upgrade to postgres 7.4.
Unfortunately they are also using somewhat older versions of PHP as well
(4.1 and 4.2). Does anyone know offhand if there are any compatibility
issues between PHP 4.1/4.2 and postgres 7.4?

I'm opening to upgrading PHP as well, just wondering whether I'll HAVE to.

-- sgl


Re: PHP version with postgres 7.4

From
Mitch Pirtle
Date:
Steve Lane wrote:

>Hello all:
>
>I have several customers that I need to upgrade to postgres 7.4.
>Unfortunately they are also using somewhat older versions of PHP as well
>(4.1 and 4.2). Does anyone know offhand if there are any compatibility
>issues between PHP 4.1/4.2 and postgres 7.4?
>
>I'm opening to upgrading PHP as well, just wondering whether I'll HAVE to.
>
>
You will.  Depends on what operating system / distro you are using, for
most it is a simple 'apt-get upgrade'...

Whenever you upgrade to a newer point release (e.g. 7.3 -> 7.4) you will
always have to upgrade php or rebuild php with the newer postgresql
client libraries.  Either is not too hard, just annoying once you get
Turck MMCache and other stuff built into apache...

Let me know what your O/S is and I can be more specific.

-- Mitch

Re: pg_hba.conf

From
Mike G
Date:
Thank you to all who replied with the additional info.
On Thu, May 27, 2004 at 09:35:06AM -0400, Tom Lane wrote:
> "C. Bensend" <benny@bennyvision.com> writes:
> >> I had setup my pg_hba.conf originally like this:
> >> host   all     all     10.15.0.0       255.255.255.0   trust
> >>
> >> I was under the impression that the .0 was supposed to be equivalent to
> >> a wildcard entry so that any connection from 10.15 would be able to
> >> connect.  This was not so.  By changing my pg_hba.conf to this:
>
> > Yes, when your subnet mask is set for a /24, that's correct.
>
> To expand a bit: the correct way of letting in a /16 would be
>
> host   all     all     10.15.0.0       255.255.0.0   trust
>
> In recent PG releases (7.4.*, not sure about 7.3) you could also write
>
> host   all     all     10.15.0.0/16   trust
>
>             regards, tom lane

Compiling problems with 7.4.2

From
Renney Thomas
Date:
I ran into a problem compiling 7.4.2 on  Sun Solaris. The details are as
follows. Thanks

SunOS  5.8 Generic_108528-29 sun4u sparc SUNW,Ultra-1
--------------------
Reading specs from /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.3.2/specs
Configured with: ../configure --with-as=/usr/ccs/bin/as
--with-ld=/usr/ccs/bin/ld --dis
able-nls
Thread model: posix
gcc version 3.3.2

--------------------

gcc -O3 -pthreads -fno-strict-aliasing -Wall -Wmissing-prototypes
-Wmissing-declaration
s -fPIC -I. -I../../../src/include -I/usr/local/include
-I/usr/local/ssl/include  -DFRO
NTEND -DSYSCONFDIR='"/usr/local/pgsql/etc"'  -c -o thread.o thread.c
thread.c: In function `pqGetpwuid':
thread.c:116: error: too many arguments to function `getpwuid_r'
gmake[3]: *** [thread.o] Error 1
gmake[3]: Leaving directory `/opt/sft/postgresql-7.4.2/src/interfaces/libpq'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/opt/sft/postgresql-7.4.2/src/interfaces'
gmake[1]: *** [all] Error 2
gmake[1]: Leaving directory `/opt/sft/postgresql-7.4.2/src'
gmake: *** [all] Error 2

Re: Compiling problems with 7.4.2

From
Bruce Momjian
Date:
This will be fixed in 7.4.3.  You can grab the 7.4 STABLE CVS tag if you
want it now.

---------------------------------------------------------------------------

Renney Thomas wrote:
> I ran into a problem compiling 7.4.2 on  Sun Solaris. The details are as
> follows. Thanks
>
> SunOS  5.8 Generic_108528-29 sun4u sparc SUNW,Ultra-1
> --------------------
> Reading specs from /usr/local/lib/gcc-lib/sparc-sun-solaris2.8/3.3.2/specs
> Configured with: ../configure --with-as=/usr/ccs/bin/as
> --with-ld=/usr/ccs/bin/ld --dis
> able-nls
> Thread model: posix
> gcc version 3.3.2
>
> --------------------
>
> gcc -O3 -pthreads -fno-strict-aliasing -Wall -Wmissing-prototypes
> -Wmissing-declaration
> s -fPIC -I. -I../../../src/include -I/usr/local/include
> -I/usr/local/ssl/include  -DFRO
> NTEND -DSYSCONFDIR='"/usr/local/pgsql/etc"'  -c -o thread.o thread.c
> thread.c: In function `pqGetpwuid':
> thread.c:116: error: too many arguments to function `getpwuid_r'
> gmake[3]: *** [thread.o] Error 1
> gmake[3]: Leaving directory `/opt/sft/postgresql-7.4.2/src/interfaces/libpq'
> gmake[2]: *** [all] Error 2
> gmake[2]: Leaving directory `/opt/sft/postgresql-7.4.2/src/interfaces'
> gmake[1]: *** [all] Error 2
> gmake[1]: Leaving directory `/opt/sft/postgresql-7.4.2/src'
> gmake: *** [all] Error 2
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
>       subscribe-nomail command to majordomo@postgresql.org so that your
>       message can get through to the mailing list cleanly
>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

Re: pg_hba.conf

From
Date:
Jim said:
>>>
Try changing the "10.29.15.0    255.255.255.0" to "10.29.15.0/24", if
you
have a 7.4-series pgsql server, and see if that doesn't work.
>>>

IT WORKED! Thanks so much Jim! I'm happily connected from home today...
:)



-----Original Message-----
From: Sanchez, Lily
Sent: Thursday, May 27, 2004 10:12 AM
To: 'pgsql-admin@postgresql.org'
Subject: RE: [ADMIN] pg_hba.conf

Hi Jim,

I apologize, but it seems that this is the first time that I received an
email from you, but I did receive some emails from others about this
issue, which I had been responding to. Or maybe, I'm not subscribed to
the mailing list? I'll check this out and fix it asap.

I will try what you suggested tonight, as soon as I get home.

Thanks so much for your help!

Regards,
- Lily Anne



-----Original Message-----
From: Jim Seymour [mailto:jseymour@linxnet.com]
Sent: Thursday, May 27, 2004 10:03 AM
To: pgsql-admin@postgresql.org
Cc: LSanchez@ameritrade.com
Subject: Re: [ADMIN] pg_hba.conf

(Note: Please do not copy me individually on posts to the mailing
list.  I do read the list and don't need two copies.  Thanks.)

(Note2: I did Cc: this to LSanchez as she's yet to respond to any of
my prior comments, so I begin to suspect she's not getting/reading
the mailing list traffic?)

>
> Hi Mike,
>
> That's exactly how I had mine setup all along:
>
> host   all   all     10.29.15.0    255.255.255.0    trust
>
> and it just doesn't work via VPN.

Then I would suggest the server isn't seeing you coming from
10.29.15.0 through 10.29.15.255.  Then again: There's been some kind
of bug (?) mentioned lately (only on [certain versions?] of Solaris?)
where "network netmask" doesn't appear to work properly.  Try
changing the "10.29.15.0    255.255.255.0" to "10.29.15.0/24", if you
have a 7.4-series pgsql server, and see if that doesn't work.

Jim

Re: pg_hba.conf

From
jseymour@linxnet.com (Jim Seymour)
Date:
<LSanchez@ameritrade.com> wrote:
>
> Jim said:
> >>>
> Try changing the "10.29.15.0    255.255.255.0" to "10.29.15.0/24", if
> you
> have a 7.4-series pgsql server, and see if that doesn't work.
> >>>
>
> IT WORKED! Thanks so much Jim! I'm happily connected from home today...
> :)

It was a long shot, but it worked.  Very good :).

I'm curious, Lily, could you share with us just what operating system
and version/release the PostgreSQL server is running on?  And what
version of PostgreSQL is running on that server?  Reason I ask is that
the solution I presented has so far only been associated with some (?)
versions of pgsql running on some (?) versions of Sun Solaris.

(Note: I'm Cc'ing you again as last time you mentioned you weren't
getting the mailing list itself.)

Jim