Thread: Socket & TCP connections

Socket & TCP connections

From
Nilesh Govindarajan
Date:
Hi,

I'm trying to setup PostgreSQL so that, it will not ask password when
connected locally (socket) whereas it will ask when connected using
TCP/IP. This should apply ONLY to root account. But this is not working -

local all root trust
local all all md5
# IPv4 local connections:
#host all root 127.0.0.1/32 trust
#host all root ::1/128 trust
host all all 127.0.0.1/32 md5
host all all ::1/128 md5

I cannot give passwordless access to TCP/IP because then it will become
a big security hole using PhpPgAdmin exposed to the public.

--
Nilesh Govindarajan
Site & Server Administrator
www.itech7.com
मेरा भारत महान !
मम भारत: महत्तम भवतु !

Re: Socket & TCP connections

From
Guillaume Lelarge
Date:
Le 28/03/2010 19:11, Nilesh Govindarajan a écrit :
> [...]
> I'm trying to setup PostgreSQL so that, it will not ask password when
> connected locally (socket) whereas it will ask when connected using
> TCP/IP. This should apply ONLY to root account. But this is not working -
>
> local all root trust
> local all all md5
> # IPv4 local connections:
> #host all root 127.0.0.1/32 trust
> #host all root ::1/128 trust
> host all all 127.0.0.1/32 md5
> host all all ::1/128 md5
>
> I cannot give passwordless access to TCP/IP because then it will become
> a big security hole using PhpPgAdmin exposed to the public.
>

Could you be more specific on what's not working? the exact error
message would be a great help. BTW, your settings are good for local
access, but you only allow localhost TCP/IP access.


--
Guillaume.
 http://www.postgresqlfr.org
 http://dalibo.com

Re: Socket & TCP connections

From
Nilesh Govindarajan
Date:
On 03/29/2010 02:51 AM, Guillaume Lelarge wrote:
> Le 28/03/2010 19:11, Nilesh Govindarajan a écrit :
>> [...]
>> I'm trying to setup PostgreSQL so that, it will not ask password when
>> connected locally (socket) whereas it will ask when connected using
>> TCP/IP. This should apply ONLY to root account. But this is not working -
>>
>> local all root trust
>> local all all md5
>> # IPv4 local connections:
>> #host all root 127.0.0.1/32 trust
>> #host all root ::1/128 trust
>> host all all 127.0.0.1/32 md5
>> host all all ::1/128 md5
>>
>> I cannot give passwordless access to TCP/IP because then it will become
>> a big security hole using PhpPgAdmin exposed to the public.
>>
>
> Could you be more specific on what's not working? the exact error
> message would be a great help. BTW, your settings are good for local
> access, but you only allow localhost TCP/IP access.
>
>

There's no error message as such. It doesn't do what is expected -
should not ask passwords for localhost.

If I connect as psql -U root -d postgres -h localhost, it still asks me
for password.

--
Nilesh Govindarajan
Site & Server Administrator
www.itech7.com
मेरा भारत महान !
मम भारत: महत्तम भवतु !

Re: Socket & TCP connections

From
Nilesh Govindarajan
Date:
Hi, it seems to be working now. Can somebody explain to me how ? See
this pg_hba.conf -

# "local" is for Unix domain socket connections only
local all root trust
local all all md5
# IPv4 local connections:
#host all root 127.0.0.1/32 trust
#host all root ::1/128 trust
host all all 127.0.0.1/32 md5
host all all ::1/128 md5

Its the same code I think which I wrote previously. But now it asks
password when connected through TCP and doesn't when connected directly
as psql -d postgres

PLZ EXPLAIN !! I'm in a big confusion :?

--
Nilesh Govindarajan
Site & Server Administrator
www.itech7.com
मेरा भारत महान !
मम भारत: महत्तम भवतु !

Re: Socket & TCP connections

From
Guillaume Lelarge
Date:
Le 29/03/2010 04:04, Nilesh Govindarajan a écrit :
> Hi, it seems to be working now. Can somebody explain to me how ? See
> this pg_hba.conf -
>
> # "local" is for Unix domain socket connections only
> local all root trust
> local all all md5
> # IPv4 local connections:
> #host all root 127.0.0.1/32 trust
> #host all root ::1/128 trust
> host all all 127.0.0.1/32 md5
> host all all ::1/128 md5
>
> Its the same code I think which I wrote previously. But now it asks
> password when connected through TCP and doesn't when connected directly
> as psql -d postgres
>
> PLZ EXPLAIN !! I'm in a big confusion :?
>

You probably forgot to reload the configuration after modifying it, and
then someone reloaded it or restarted the server, and PostgreSQL was
able to use the new configuration.


--
Guillaume.
 http://www.postgresqlfr.org
 http://dalibo.com

Re: Socket & TCP connections

From
Nilesh Govindarajan
Date:
On 03/29/2010 12:50 PM, Guillaume Lelarge wrote:
> Le 29/03/2010 04:04, Nilesh Govindarajan a écrit :
>> Hi, it seems to be working now. Can somebody explain to me how ? See
>> this pg_hba.conf -
>>
>> # "local" is for Unix domain socket connections only
>> local all root trust
>> local all all md5
>> # IPv4 local connections:
>> #host all root 127.0.0.1/32 trust
>> #host all root ::1/128 trust
>> host all all 127.0.0.1/32 md5
>> host all all ::1/128 md5
>>
>> Its the same code I think which I wrote previously. But now it asks
>> password when connected through TCP and doesn't when connected directly
>> as psql -d postgres
>>
>> PLZ EXPLAIN !! I'm in a big confusion :?
>>
>
> You probably forgot to reload the configuration after modifying it, and
> then someone reloaded it or restarted the server, and PostgreSQL was
> able to use the new configuration.
>
>

Yeah may be. But I remember issuing killall -HUP postmaster after every
change.

--
Nilesh Govindarajan
Site & Server Administrator
www.itech7.com
मेरा भारत महान !
मम भारत: महत्तम भवतु !

Re: Socket & TCP connections

From
Robert Gravsjö
Date:

Nilesh Govindarajan skrev 2010-03-29 04.04:
> Hi, it seems to be working now. Can somebody explain to me how ? See
> this pg_hba.conf -

Did you reload the config, i.e pg_ctl reload, after making changes the
first time?

Regards,
roppert

>
> # "local" is for Unix domain socket connections only
> local all root trust
> local all all md5
> # IPv4 local connections:
> #host all root 127.0.0.1/32 trust
> #host all root ::1/128 trust
> host all all 127.0.0.1/32 md5
> host all all ::1/128 md5
>
> Its the same code I think which I wrote previously. But now it asks
> password when connected through TCP and doesn't when connected directly
> as psql -d postgres
>
> PLZ EXPLAIN !! I'm in a big confusion :?
>