Thread: pg_hba.conf stuff

pg_hba.conf stuff

From
Rob van der Linde
Date:
Hi all,

I have a server (Ubuntu 6.10 to be exact) running PostgreSQL 8.1.4.

On that server I have a user account, called "ynui", and I also have a
postgres user called "ynui", they have the same password. Now the
server's IP is 192.168.0.1

My main postgres conf has in it:

listen_addresses = 'localhost,192.168.0.1'

my pg_hba.conf is:

# "local" is for Unix domain socket connections only
local   all         all                               md5
# IPv4 local connections:
host    all         all         127.0.0.1/32          md5
# IPv6 local connections:
host    all         all         ::1/128               md5
# Internal network
host    all         all         192.168.0.0/24        md5

Now I have a client PC 192.168.0.10, it's also running Linux and the
unix account name on this machine is rob. I have the postgres client
installed on this machine and am connecting like this:

psql -h 192.168.0.1 -U ynui

Now my problem is, because the server has on it a user account "ynui"
and postgres also has a user called "ynui", with the same password, it
goes straight in, without asking for the password at all!!!

This is even though I specifically configured the "Internal network"
section in my pg_hba.conf file for "md5", and this "ynui" unix user is
actually on the server, not on the client pc. Then why does it still go
straight in from the client PC without asking for the password for the
"ynui" user?

Any ideas? Is there any way to prevent this automatic login, or is the
only way to have the unix "ynui" user and postgres "ynui" user on the
server to have a different password? I would prefer them not to have
different passwords however if possible.

Any ideas? Any help would be appreciated.


Re: pg_hba.conf stuff

From
Jeff Frost
Date:
On Thu, 1 Mar 2007, Rob van der Linde wrote:

> On that server I have a user account, called "ynui", and I also have a
> postgres user called "ynui", they have the same password. Now the
> server's IP is 192.168.0.1
>
> My main postgres conf has in it:
>
> listen_addresses = 'localhost,192.168.0.1'
>
> my pg_hba.conf is:
>
> # "local" is for Unix domain socket connections only
> local   all         all                               md5
> # IPv4 local connections:
> host    all         all         127.0.0.1/32          md5
> # IPv6 local connections:
> host    all         all         ::1/128               md5
> # Internal network
> host    all         all         192.168.0.0/24        md5
>
> Now I have a client PC 192.168.0.10, it's also running Linux and the
> unix account name on this machine is rob. I have the postgres client
> installed on this machine and am connecting like this:
>
> psql -h 192.168.0.1 -U ynui
>
> Now my problem is, because the server has on it a user account "ynui"
> and postgres also has a user called "ynui", with the same password, it
> goes straight in, without asking for the password at all!!!
>
> This is even though I specifically configured the "Internal network"
> section in my pg_hba.conf file for "md5", and this "ynui" unix user is
> actually on the server, not on the client pc. Then why does it still go
> straight in from the client PC without asking for the password for the
> "ynui" user?
>
> Any ideas? Is there any way to prevent this automatic login, or is the
> only way to have the unix "ynui" user and postgres "ynui" user on the
> server to have a different password? I would prefer them not to have
> different passwords however if possible.
>
> Any ideas? any help would be appreciated.

Rob,

The local OS user on the server should have no effect on postgres connectivity
when connecting via the network.

Do you by chance have a .pgpass file in the home directory of the OS user
you're using to run psql?

Also, did you reload postgresql after you made the changes to the pg_hba.conf?

--
Jeff Frost, Owner     <jeff@frostconsultingllc.com>
Frost Consulting, LLC     http://www.frostconsultingllc.com/
Phone: 650-780-7908    FAX: 650-649-1954

Re: pg_hba.conf stuff

From
Jeff Frost
Date:
Yes, pgadmin3 uses .pgpass to store its connection info - so that's your
likely culprit.

On Thu, 1 Mar 2007, Rob van der Linde wrote:

> I had a .pgpass file in the home directory of the client PC. It's
> possible PgAdmin III or some other program created it.

--
Jeff Frost, Owner     <jeff@frostconsultingllc.com>
Frost Consulting, LLC     http://www.frostconsultingllc.com/
Phone: 650-780-7908    FAX: 650-649-1954
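
Added example (not part of the original thread, and not code from either poster): a small Python audit of what Jeff's replies point to, namely the client-side places a libpq client such as psql takes a password from without prompting. The function names and the sample .pgpass content are constructed for illustration; the host:port:database:username:password layout, backslash escaping and first-match rule are those of libpq's password file.

```python
import os
import stat

# Constructed sample .pgpass content (password contains an escaped ':').
SAMPLE = "# constructed sample\n192.168.0.1:5432:*:ynui:s3cr\\:et\n*:*:*:*:fallback\n"

def split_fields(line):
    """Split a .pgpass line into fields; '\\' escapes the next char, a bare '*' becomes None."""
    fields, cur, start, i = [], [], 0, 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])
            i += 2
            continue
        if line[i] == ":" and len(fields) < 4:
            fields.append(None if line[start:i] == "*" else "".join(cur))
            cur, start = [], i + 1
        else:
            cur.append(line[i])
        i += 1
    fields.append("".join(cur))  # everything after the 4th ':' is the password
    return fields

def first_match(pgpass_text, host, port, db, user):
    """Return (line_number, password) of the first matching entry, or None."""
    for n, line in enumerate(pgpass_text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        f = split_fields(line)
        if len(f) == 5 and all(p is None or p == v for p, v in zip(f, (host, str(port), db, user))):
            return n, f[4]
    return None

def password_sources(env, home, host, port, db, user):
    """List where a libpq client would find a password for this connection without prompting."""
    found = []
    if env.get("PGPASSWORD"):
        found.append("PGPASSWORD environment variable")
    path = env.get("PGPASSFILE") or os.path.join(home, ".pgpass")
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path) as fh:
            hit = first_match(fh.read(), host, port, db, user)
    except OSError:
        return found
    if hit:
        note = "" if mode & 0o077 == 0 else " (ignored by libpq: group/other can access it)"
        found.append(f"{path} line {hit[0]}{note}")
    return found
```

Call it on the client as `password_sources(os.environ, os.path.expanduser("~"), "192.168.0.1", 5432, "ynui", "ynui")`; a non-empty result explains a login with no prompt even though the server still enforces md5. `psql -W` forces a password prompt before connecting.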

Re: pg_hba.conf stuff

From
Rob van der Linde
Date:
Yes! That's it, thanks heaps.

I had a .pgpass file in the home directory of the client PC. It's
possible PgAdmin III or some other program created it.

Thanks heaps, now I know it was not actually a security issue with my
server.

On Wed, 2007-02-28 at 17:15 -0800, Jeff Frost wrote:
> On Thu, 1 Mar 2007, Rob van der Linde wrote:
>
> > On that server I have a user account, called "ynui", and I also have a
> > postgres user called "ynui", they have the same password. Now the
> > server's IP is 192.168.0.1
> >
> > My main postgres conf has in it:
> >
> > listen_addresses = 'localhost,192.168.0.1'
> >
> > my pg_hba.conf is:
> >
> > # "local" is for Unix domain socket connections only
> > local   all         all                               md5
> > # IPv4 local connections:
> > host    all         all         127.0.0.1/32          md5
> > # IPv6 local connections:
> > host    all         all         ::1/128               md5
> > # Internal network
> > host    all         all         192.168.0.0/24        md5
> >
> > Now I have a client PC 192.168.0.10, it's also running Linux and the
> > unix account name on this machine is rob. I have the postgres client
> > installed on this machine and am connecting like this:
> >
> > psql -h 192.168.0.1 -U ynui
> >
> > Now my problem is, because the server has on it a user account "ynui"
> > and postgres also has a user called "ynui", with the same password, it
> > goes straight in, without asking for the password at all!!!
> >
> > This is even though I specifically configured the "Internal network"
> > section in my pg_hba.conf file for "md5", and this "ynui" unix user is
> > actually on the server, not on the client pc. Then why does it still go
> > straight in from the client PC without asking for the password for the
> > "ynui" user?
> >
> > Any ideas? Is there any way to prevent this automatic login, or is the
> > only way to have the unix "ynui" user and postgres "ynui" user on the
> > server to have a different password? I would prefer them not to have
> > different passwords however if possible.
> >
> > Any ideas? any help would be appreciated.
>
> Rob,
>
> The local OS user on the server should have no effect on postgres connectivity
> when connecting via the network.
>
> Do you by chance have a .pgpass file in the home directory of the OS user
> you're using to run psql?
>
> Also, did you reload postgresql after you made the changes to the pg_hba.conf?
>