Thread: BUG #8114: Peer authentication in cgi-perl

BUG #8114: Peer authentication in cgi-perl

From
support@securenetterm.com
Date:
The following bug has been logged on the website:

Bug reference:      8114
Logged by:          Kenneth Robinette
Email address:      support@securenetterm.com
PostgreSQL version: 9.1.0
Operating system:   Ubuntu 12.04.2
Description:


I am having the same problem described in:
     5.1.0.14.2.20020213180151.04bd2250@pop.ntlworld.com


The cgi-script I am using works on a CentOS 6.4 system using PostgreSQL
version 8.4 and several older centos/redhat systems.  The pg_hba.conf and
postgresql.conf are set up the same on all systems.

When trying to connect on the Ubuntu 12.04.2 system, the database connect is
aborted.  The following messages are in the postgresql-9.1-main.log.  The
real username has been replaced by xxxxxxxx:

2013-04-24 16:23:18 CDT LOG:  provided user name (xxxxxxxx) and authenticated user name (www-data) do not match
2013-04-24 16:23:18 CDT FATAL:  Peer authentication failed for user "xxxxxxxx"

Re: BUG #8114: Peer authentication in cgi-perl

From
John R Pierce
Date:
On 4/24/2013 3:21 PM, support@securenetterm.com wrote:
> The following bug has been logged on the website:
>
> Bug reference:      8114
> Logged by:          Kenneth Robinette
> Email address:      support@securenetterm.com
> PostgreSQL version: 9.1.0
> Operating system:   Ubuntu 12.04.2
> Description:
>
> I am having the same problem described in:
>       5.1.0.14.2.20020213180151.04bd2250@pop.ntlworld.com
>
> The cgi-script I am using works on a CentOS 6.4 system using PostgreSQL
> version 8.4 and several older centos/redhat systems.  The pg_hba.conf and
> postgresql.conf are set up the same on all systems.
>
> When trying to connect on the Ubuntu 12.04.2 system, the database connect is
> aborted.  The following messages are in the postgresql-9.1-main.log.  The
> real username has been replaced by xxxxxxxx:
>
> 2013-04-24 16:23:18 CDT LOG:  provided user name (xxxxxxxx) and
> authenticated user name (www-data) do not match
> 2013-04-24 16:23:18 CDT FATAL:  Peer authentication failed for user
> "xxxxxxxx"

this isn't a bug, you can't use 'peer' (formerly known as ident
sameuser) authentication to connect as a different role than your system
username, unless you create an 'ident map'.

you perhaps moved your 'same postgresql.conf and pg_hba.conf' files to
the wrong place on ubuntu?    debian/ubuntu put the config files under
/etc/postgresql/.....

also, there have been changes in the various config files between 8.4
and 9.1 such that copying the file from the older system might not run
optimally on the newer.

--
john r pierce                                      37N 122W
somewhere on the middle of the left coast

Re: BUG #8114: Peer authentication in cgi-perl

From
netterm
Date:
I have never used 'ident map' on any system.  Yes, I know where the
postgresql.conf and pg_hba.conf files are located on Ubuntu, since I stated
I modified them to allow internet connections and to use proper
authentication.  PostgreSQL has always allowed the apache user (nobody or
apache) on some systems and the requested user (xxxxxxxx) to allow one to
connect to the database from an external system.

It's only the Ubuntu 12.04 (and perhaps earlier versions) that does not allow
the apache user (www-data) and provided data to be different.

So, what you appear to be saying is PostgreSQL acts differently on Ubuntu
than it does on all other systems.

Very strange.





Re: BUG #8114: Peer authentication in cgi-perl

From
John R Pierce
Date:
On 4/25/2013 5:22 AM, netterm wrote:
> It's only the Ubuntu 12.04 (and perhaps earlier versions) that does not allow
> the apache user (www-data)
> and provided data to be different.

that error message can only happen with PEER fka IDENT authentication.

if peer/ident is in effect, then NO user could connect as anyone other
than themselves

authentication types are managed via pg_hba.conf



--
john r pierce                                      37N 122W
somewhere on the middle of the left coast
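
The peer rule and the ident map discussed in this thread, as an added example that is not part of the thread or of PostgreSQL's own code: a simplified Python model of how the first matching `local` line in pg_hba.conf decides a Unix-socket login, with and without `map=`. The file contents, the map name `webmap` and the database name `appdb` are constructed for illustration; regex map entries and keywords other than `all` are not modelled.

```python
# Constructed sample files; role and OS user names follow the thread's log lines.
HBA_PLAIN = """
# TYPE  DATABASE  USER  ADDRESS       METHOD
local   all       all                 peer
host    all       all   127.0.0.1/32  md5
"""
HBA_MAPPED = """
local   all       all                 peer map=webmap
host    all       all   127.0.0.1/32  md5
"""
PG_IDENT = """
# MAPNAME  SYSTEM-USERNAME  PG-USERNAME
webmap     www-data         xxxxxxxx
"""

def rows(text):
    """Tokenise a config file, skipping blank lines and comments."""
    lines = (l.strip() for l in text.splitlines())
    return [l.split() for l in lines if l and not l.startswith("#")]

def first_local_rule(hba, database, role):
    """Return (method, options) of the first 'local' line matching the request."""
    for typ, db, user, *rest in rows(hba):
        if typ == "local" and db in ("all", database) and user in ("all", role):
            return rest[0], dict(o.split("=", 1) for o in rest[1:])
    return None, {}

def map_allows(ident, mapname, os_user, role):
    """Exact-name lookup only; regex entries (leading '/') are not modelled."""
    return any(r == [mapname, os_user, role] for r in rows(ident))

def peer_login(hba, ident, os_user, database, role):
    """True/False for a peer decision, None if another method applies."""
    method, opts = first_local_rule(hba, database, role)
    if method != "peer":
        return None
    if "map" in opts:                      # with a map, only listed pairs pass
        return map_allows(ident, opts["map"], os_user, role)
    return os_user == role                 # no map: OS user must equal the role

if __name__ == "__main__":
    for hba in (HBA_PLAIN, HBA_MAPPED):
        print(peer_login(hba, PG_IDENT, "www-data", "appdb", "xxxxxxxx"))
```

Once `map=webmap` is set, only the pairs listed in the map pass, so the OS user `xxxxxxxx` would need its own map line to keep connecting as the role of the same name.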