Thread: pg_hba.conf stuff
Hi all,

I have a server (Ubuntu 6.10 to be exact) running PostgreSQL 8.1.4. On that server I have a user account, called "ynui", and I also have a postgres user called "ynui", they have the same password. Now the server's IP is 192.168.0.1

My main postgres conf has in it:

    listen_addresses = 'localhost,192.168.0.1'

my pg_hba.conf is:

    # "local" is for Unix domain socket connections only
    local all all md5
    # IPv4 local connections:
    host all all 127.0.0.1/32 md5
    # IPv6 local connections:
    host all all ::1/128 md5
    # Internal network
    host all all 192.168.0.0/24 md5

Now I have a client PC 192.168.0.10, it's also running Linux and the unix account name on this machine is rob. I have the postgres client installed on this machine and am connecting like this:

    psql -h 192.168.0.1 -U ynui

Now my problem is, because the server has on it a user account "ynui" and postgres also has a user called "ynui", with the same password, it goes straight in, without asking for the password at all!!!

This is even though I specifically configured the "Internal network" section in my pg_hba.conf file for "md5", and this "ynui" unix user is actually on the server, not on the client pc. Then why does it still go straight in from the client PC without asking for the password for the "ynui" user?

Any ideas? is there any way to prevent this automatic login, or is the only way to have the unix "ynui" user and postgres "ynui" user on the server to have a different password? I would prefer them not to have different passwords however if possible.

Any ideas? any help would be appreciated.

On Thu, 1 Mar 2007, Rob van der Linde wrote:

> On that server I have a user account, called "ynui", and I also have a
> postgres user called "ynui", they have the same password. Now the
> server's IP is 192.168.0.1
>
> My main postgres conf has in it:
>
> listen_addresses = 'localhost,192.168.0.1'
>
> my pg_hba.conf is:
>
> # "local" is for Unix domain socket connections only
> local all all md5
> # IPv4 local connections:
> host all all 127.0.0.1/32 md5
> # IPv6 local connections:
> host all all ::1/128 md5
> # Internal network
> host all all 192.168.0.0/24 md5
>
> Now I have a client PC 192.168.0.10, it's also running Linux and the
> unix account name on this machine is rob. I have the postgres client
> installed on this machine and am connecting like this:
>
> psql -h 192.168.0.1 -U ynui
>
> Now my problem is, because the server has on it a user account "ynui"
> and postgres also has a user called "ynui", with the same password, it
> goes straight in, without asking for the password at all!!!
>
> This is even though I specifically configured the "Internal network"
> section in my pg_hba.conf file for "md5", and this "ynui" unix user is
> actually on the server, not on the client pc. Then why does it still go
> straight in from the client PC without asking for the password for the
> "ynui" user?
>
> Any ideas? is there any way to prevent this automatic login, or is the
> only way to have the unix "ynui" user and postgres "ynui" user on the
> server to have a different password? I would prefer them not to have
> different passwords however if possible.
>
> Any ideas? any help would be appreciated.

Rob,

The local OS user on the server should have no effect on postgres connectivity when connecting via the network.

Do you by chance have a .pgpass file in the home directory of the OS user you're using to run psql?

Also, did you reload postgresql after you made the changes to the pg_hba.conf?

--
Jeff Frost, Owner <jeff@frostconsultingllc.com>
Frost Consulting, LLC http://www.frostconsultingllc.com/
Phone: 650-780-7908 FAX: 650-649-1954

Yes, pgadmin3 uses .pgpass to store its connection info - so that's your likely culprit.

On Thu, 1 Mar 2007, Rob van der Linde wrote:

> I had a .pgpass file in the home directory of the client PC. It's
> possible PgAdmin III or some other program created it.

--
Jeff Frost, Owner <jeff@frostconsultingllc.com>
Frost Consulting, LLC http://www.frostconsultingllc.com/
Phone: 650-780-7908 FAX: 650-649-1954

Yes! that's it, thanks heaps.

I had a .pgpass file in the home directory of the client PC. It's possible PgAdmin III or some other program created it.

Thanks heaps, now I know it was not actually a security issue with my server.

On Wed, 2007-02-28 at 17:15 -0800, Jeff Frost wrote:

> On Thu, 1 Mar 2007, Rob van der Linde wrote:
>
> > On that server I have a user account, called "ynui", and I also have a
> > postgres user called "ynui", they have the same password. Now the
> > server's IP is 192.168.0.1
> >
> > My main postgres conf has in it:
> >
> > listen_addresses = 'localhost,192.168.0.1'
> >
> > my pg_hba.conf is:
> >
> > # "local" is for Unix domain socket connections only
> > local all all md5
> > # IPv4 local connections:
> > host all all 127.0.0.1/32 md5
> > # IPv6 local connections:
> > host all all ::1/128 md5
> > # Internal network
> > host all all 192.168.0.0/24 md5
> >
> > Now I have a client PC 192.168.0.10, it's also running Linux and the
> > unix account name on this machine is rob. I have the postgres client
> > installed on this machine and am connecting like this:
> >
> > psql -h 192.168.0.1 -U ynui
> >
> > Now my problem is, because the server has on it a user account "ynui"
> > and postgres also has a user called "ynui", with the same password, it
> > goes straight in, without asking for the password at all!!!
> >
> > This is even though I specifically configured the "Internal network"
> > section in my pg_hba.conf file for "md5", and this "ynui" unix user is
> > actually on the server, not on the client pc. Then why does it still go
> > straight in from the client PC without asking for the password for the
> > "ynui" user?
> >
> > Any ideas? is there any way to prevent this automatic login, or is the
> > only way to have the unix "ynui" user and postgres "ynui" user on the
> > server to have a different password? I would prefer them not to have
> > different passwords however if possible.
> >
> > Any ideas? any help would be appreciated.
> >
> > Rob,
> >
> > The local OS user on the server should have no effect on postgres connectivity
> > when connecting via the network.
> >
> > Do you by chance have a .pgpass file in the home directory of the OS user
> > you're using to run psql?
> >
> > Also, did you reload postgresql after you made the changes to the pg_hba.conf?
>
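
Added example, not part of the original thread: a client-side check for the cause found above, reporting which .pgpass entry (if any) would answer the server's md5 password request for a given connection, without ever returning the password. The function names and the sample file contents are constructed for illustration; port 5432 and the database name defaulting to the user name are assumptions about the `psql -h 192.168.0.1 -U ynui` call.

```python
import os
import re

# Constructed sample file contents (placeholders, not values from the thread).
SAMPLE = """# hostname:port:database:username:password
192.168.0.1:5432:*:ynui:not-a-real-password
localhost:*:*:postgres:another\\:placeholder
"""

def split_fields(line):
    """Split a .pgpass line on unescaped ':' into raw fields (escapes kept)."""
    fields, cur, i = [], "", 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            cur += line[i:i + 2]      # keep the escape pair together
            i += 2
        elif line[i] == ":" and len(fields) < 4:
            fields.append(cur)        # the fifth field (password) takes the rest
            cur = ""
            i += 1
        else:
            cur += line[i]
            i += 1
    return fields + [cur]

def unescape(raw):
    """Remove backslash escapes from one raw field."""
    return re.sub(r"\\(.)", r"\1", raw)

def find_pgpass_match(text, host, port, dbname, user):
    """Return (line_no, host, port, db, user) of the first matching entry,
    or None. The password field is never returned."""
    want = (host, str(port), dbname, user)
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        raw = split_fields(line)
        if len(raw) == 5 and all(r == "*" or unescape(r) == w
                                 for r, w in zip(raw, want)):
            return (n, *raw[:4])
    return None

if __name__ == "__main__":
    # psql -h 192.168.0.1 -U ynui: port 5432, database defaults to the user name.
    print("sample:", find_pgpass_match(SAMPLE, "192.168.0.1", 5432, "ynui", "ynui"))
    path = os.environ.get("PGPASSFILE") or os.path.expanduser("~/.pgpass")
    if os.path.exists(path):
        with open(path) as fh:
            print(path, "->", find_pgpass_match(fh.read(), "192.168.0.1", 5432, "ynui", "ynui"))
    if "PGPASSWORD" in os.environ:
        print("PGPASSWORD is set; libpq will use it without prompting")
```

Run it as the OS user who runs psql on the client (rob on 192.168.0.10 in this thread); a match means the md5 rule in pg_hba.conf is still being enforced and the client is simply answering it from the file.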