Thread: BUG #3049: psql does not honor md5 in pg_hba.conf file

BUG #3049: psql does not honor md5 in pg_hba.conf file

From

"Aaron Zedonis"

Date:

22 February 2007, 21:39:26

The following bug has been logged online:

Bug reference:      3049
Logged by:          Aaron Zedonis
Email address:      azedonis@ntag.com
PostgreSQL version: 8.1
Operating system:   Windows
Description:        psql does not honor md5 in pg_hba.conf file
Details:

I have set up a server on a Linux machine, in my case the IP is 10.0.0.104.
I have configured the pga_hba.conf file so that all external requests
require password authentication.  e.g.

# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
local   all         all                                trust
host    all         all         127.0.0.1/32           md5
host    ntag        ntag        10.0.0.104  255.255.255.0  md5
host    ntag        report      207.145.64.220  255.255.255.248  md5

When I attempt to login from a different Linux machine, I am correctly
challenged for my password.  e.g.

$ /usr/local/pgsql/bin/psql -h 10.0.0.104 -U ntag ntag
Password for user ntag:
Welcome to psql 8.1.4, the PostgreSQL interactive terminal.
...

When I attempt to login from a Windows machine, I am not challenged for my
password:

C:\Documents and Settings\azedonis>psql -h 10.0.0.104 -U ntag ntag
Welcome to psql 8.1.4, the PostgreSQL interactive terminal.
...

Logging in from the DOS prompt, or a Cygwin terminal has the same result.

If (from the Windows machine) I attempt to login with the postgres user, I
get the following error:
psql: FATAL:  no pg_hba.conf entry for host "10.0.0.60", user "postgres",
database "ntag"

So, it is reading the pg_hba.conf file.

As another test, I changed the pg_hba.conf file to require md5
authentication on all (including local) connections, and I restarted the
postmaster.  This had no impact on the above tests.

The pgAdmin III tool for Windows correctly honors the pg_hba.conf file.

Re: BUG #3049: psql does not honor md5 in pg_hba.conf file

From

Magnus Hagander

Date:

23 February 2007, 07:31:08

Aaron Zedonis wrote:
> The following bug has been logged online:
>
> Bug reference:      3049
> Logged by:          Aaron Zedonis
> Email address:      azedonis@ntag.com
> PostgreSQL version: 8.1
> Operating system:   Windows
> Description:        psql does not honor md5 in pg_hba.conf file
> Details:
>
> I have set up a server on a Linux machine, in my case the IP is 10.0.0.104.
> I have configured the pga_hba.conf file so that all external requests
> require password authentication.  e.g.
>
> # TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
> local   all         all                                trust
> host    all         all         127.0.0.1/32           md5
> host    ntag        ntag        10.0.0.104  255.255.255.0  md5
> host    ntag        report      207.145.64.220  255.255.255.248  md5
>
> When I attempt to login from a different Linux machine, I am correctly
> challenged for my password.  e.g.
>
> $ /usr/local/pgsql/bin/psql -h 10.0.0.104 -U ntag ntag
> Password for user ntag:
> Welcome to psql 8.1.4, the PostgreSQL interactive terminal.
> ...
>
> When I attempt to login from a Windows machine, I am not challenged for my
> password:
>
> C:\Documents and Settings\azedonis>psql -h 10.0.0.104 -U ntag ntag
> Welcome to psql 8.1.4, the PostgreSQL interactive terminal.
> ...
>
> Logging in from the DOS prompt, or a Cygwin terminal has the same result.
>
> If (from the Windows machine) I attempt to login with the postgres user, I
> get the following error:
> psql: FATAL:  no pg_hba.conf entry for host "10.0.0.60", user "postgres",
> database "ntag"
>
> So, it is reading the pg_hba.conf file.
>
> As another test, I changed the pg_hba.conf file to require md5
> authentication on all (including local) connections, and I restarted the
> postmaster.  This had no impact on the above tests.
>
> The pgAdmin III tool for Windows correctly honors the pg_hba.conf file.


I think you are confusing server-side configuration with client-side
configuration. pg_hba is *only* parsed by the server, and the client has
no effect on it at all.

It looks a lot like you have a pgpass.conf file on your Windows machine,
possibly created by clicking "save password" in pgAdmin III. See
http://www.postgresql.org/docs/8.1/static/libpq-pgpass.html.

//Magnus