Thread: local authentication with md5

local authentication with md5

From: Bernhard D Rohrer

Hi all

I have set my authentication to

# "local" is for Unix domain socket connections only
local   all         all                               md5 #ident sameuser

for security reasons

this leads to this problem when trying to run a script:

30-Mar 17:47 collab-dir: BeforeJob: run command
"/etc/bacula/scripts/make_catalog_backup bacula postgres
'md5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'"
30-Mar 17:47 collab-dir: BeforeJob: pg_dump: [archiver (db)] connection
to database "bacula" failed: FATAL: Ident authentication failed for user
"postgres"

how does one pass an md5 encrypted pw to postgres? I tried it with clear
as well, but that failed too. Not happy doing that anyway.

many thanks in advance

Bernhard

--
Graylion's Fetish & Fashion Store
Goth and Kinky Boots, Clothing and Jewellery
http://www.graylion.net


Re: local authentication with md5 - solved

From: Bernhard D Rohrer

Bernhard D Rohrer wrote:
> Hi all
>
> I have set my authentication to
>
> # "local" is for Unix domain socket connections only
> local   all         all                               md5 #ident sameuser
>
> for security reasons
>
> this leads to this problem when trying to run a script:
>
> 30-Mar 17:47 collab-dir: BeforeJob: run command
> "/etc/bacula/scripts/make_catalog_backup bacula postgres
> 'md5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'"
> 30-Mar 17:47 collab-dir: BeforeJob: pg_dump: [archiver (db)]
> connection to database "bacula" failed: FATAL: Ident authentication
> failed for user "postgres"
>
> how does one pass an md5 encrypted pw to postgres? I tried it with
> clear as well, but that failed too. Not happy doing that anyway.
>
> many thanks in advance
>
> Bernhard
>
sorted, thanks!

--
Graylion's Fetish & Fashion Store
Goth and Kinky Boots, Clothing and Jewellery
http://www.graylion.net


Re: local authentication with md5

From: Tom Lane

Bernhard D Rohrer <graylion@sm-wg.net> writes:
> I have set my authentication to
> # "local" is for Unix domain socket connections only
> local   all         all                               md5 #ident sameuser

Are you sure this actually took effect (ie did you "pg_ctl reload")?

> 30-Mar 17:47 collab-dir: BeforeJob: run command
> "/etc/bacula/scripts/make_catalog_backup bacula postgres
> 'md5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'"
> 30-Mar 17:47 collab-dir: BeforeJob: pg_dump: [archiver (db)] connection
> to database "bacula" failed: FATAL: Ident authentication failed for user
> "postgres"

It's clear that this connection is trying to use ident not md5.
Either you didn't make the pg_hba edit take effect, or bacula
is trying to use TCP instead of Unix-socket connection and you
still have the "host" line set to ident.

            regards, tom lane
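
Added example (not part of the original thread and not PostgreSQL's own code): a simplified first-match lookup over a constructed pg_hba.conf, showing how a Unix-socket connection can be offered md5 while a TCP connection to the same server is still offered ident, the second possibility named in the message above. The file contents, the function names and the reduced format (only "local" and "host" records with CIDR addresses, "#" comments handled as the current PostgreSQL documentation describes) are assumptions; the first possibility, an edit that was never reloaded, is not modelled.

```python
import ipaddress

# Constructed sample: "local" was switched to md5, the "host" lines were not.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  md5
host    all       all   127.0.0.1/32   ident
host    all       all   ::1/128        ident
"""


def parse_hba(text):
    """Return (type, databases, users, network, method) for each record."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comment text, tokenize
        if not fields:
            continue
        if fields[0] == "local" and len(fields) >= 4:
            conn, db, user, method = fields[:4]
            net = None  # Unix-socket records carry no address field
        elif fields[0] == "host" and len(fields) >= 5:
            conn, db, user, addr, method = fields[:5]
            net = ipaddress.ip_network(addr, strict=False)
        else:
            raise ValueError(f"unsupported or short record: {raw!r}")
        rules.append((conn, db.split(","), user.split(","), net, method))
    return rules


def auth_method(rules, conn, db, user, client_ip=None):
    """First matching record wins; None means no record matched."""
    for rtype, dbs, users, net, method in rules:
        if rtype != conn:
            continue  # "local" records never match TCP and vice versa
        if "all" not in dbs and db not in dbs:
            continue
        if "all" not in users and user not in users:
            continue
        if net is not None:
            ip = ipaddress.ip_address(client_ip)
            if ip.version != net.version or ip not in net:
                continue
        return method
    return None


if __name__ == "__main__":
    rules = parse_hba(SAMPLE_HBA)
    print("unix socket:", auth_method(rules, "local", "bacula", "postgres"))
    print("tcp loopback:", auth_method(rules, "host", "bacula", "postgres", "127.0.0.1"))
```

A client that is given a host name or address connects over TCP and is matched only against "host" records, so changing the "local" line alone does not change the method it is offered.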

Re: local authentication with md5

From: Bernhard D Rohrer

Tom Lane wrote:
> Bernhard D Rohrer <graylion@sm-wg.net> writes:
>> I have set my authentication to
>> # "local" is for Unix domain socket connections only
>> local   all         all                               md5 #ident sameuser
>
> Are you sure this actually took effect (ie did you "pg_ctl reload")?
>
>> 30-Mar 17:47 collab-dir: BeforeJob: run command
>> "/etc/bacula/scripts/make_catalog_backup bacula postgres
>> 'md5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'"
>> 30-Mar 17:47 collab-dir: BeforeJob: pg_dump: [archiver (db)] connection
>> to database "bacula" failed: FATAL: Ident authentication failed for user
>> "postgres"
>
> It's clear that this connection is trying to use ident not md5.
> Either you didn't make the pg_hba edit take effect, or bacula
> is trying to use TCP instead of Unix-socket connection and you
> still have the "host" line set to ident.
>
>             regards, tom lane

The bizarre thing is that removing #ident sameuser solved it

clearly the # is not parsed correctly after a statement

cheers

Bernhard

--
Graylion's Fetish & Fashion Store
Goth and Kinky Boots, Clothing and Jewellery
http://www.graylion.net