Thread: ident fails on win2k host...
i have set up my win2k box with postgres with 7.1.3 cygwin pre-built. i have opened a port in my firewall to allow postgres requests to go through. a remote user is attempting to hit the box but is getting an ident error. in the admin.pdf doc i find the following about ident authentication... "The ident server on the client host is asked for the identity of the connecting user. Postgres then verifies whether the so identified operating system user is allowed to connect as the database user that is requested. This is only available for TCP/IP connections. The authentication option following the ident keyword specifies the name of an ident map that specifies which operating system users equate with which database users. See below for details." does ident authentication work under win2k? if so, does this mean that i need to add my remote user as a user on my win2k machine? if so, what rights do they need to have? and do i need to configure my firewall to allow a different port to be opened up? if i cannot use ident based authentication under cygwin, how do i allow remote users who are using the win32 ODBC driver to connect to the database? should i switch to kerberos? if so, which version? he'p me! he'p me! i been hyp-mo-tized! many thanks, rjsjr
"Robert J. Sanford, Jr." <rsanford@nolimitsystems.com> writes: > does ident authentication work under win2k? AFAIK it should work; it doesn't depend on anything special on the server machine. The questions you need to be asking are (a) does the *client* machine have an ident daemon running; (b) can you reach that ident daemon's port (here's where the firewall might come in); (c) do you trust that ident daemon to tell you the truth (some would say that a machine outside your firewall is ipso facto not to be trusted); (d) have you set up an appropriate ident mapping in the postgres config files? See the documentation. I don't think the fact that you are running the server on top of cygwin affects any of these issues. If you're not clear on why ident auth is failing, look in the postmaster's logfile for the logged error message, which should be more informative than the rejection sent to the client. regards, tom lane
It's rumoured that Robert J. Sanford, Jr. once said: > i have set up my win2k box with postgres with 7.1.3 cygwin pre-built. i > have opened a port in my firewall to allow postgres requests to go > through. a remote user is attempting to hit the box but is getting an > ident error. in the admin.pdf doc i find the following about ident > authentication... > > "The ident server on the client host is asked > for the identity of the connecting user. > Postgres then verifies whether the so identified > operating system user is allowed to connect as > the database user that is requested. This is only > available for TCP/IP connections. The > authentication option following the ident keyword > specifies the name of an ident map that specifies > which operating system users equate with which > database users. See below for details." > > does ident authentication work under win2k? I don't believe it does. > if so, does this mean that i need to add my remote user as a user on my > win2k machine? > > if so, what rights do they need to have? and do i need to configure my > firewall to allow a different port to be opened up? > > if i cannot use ident based authentication under cygwin, how do i allow > remote users who are using the win32 ODBC driver to connect to the > database? should i switch to kerberos? if so, which version? > > he'p me! he'p me! i been hyp-mo-tized! The easiest option would be to use password authentication, and add the user to your PostgreSQL system using CREATE USER xxx WITH PASSWORD 'yyy'. Regards, Dave.
It's rumoured that Tom Lane once said: > "Robert J. Sanford, Jr." <rsanford@nolimitsystems.com> writes: >> does ident authentication work under win2k? > > AFAIK it should work; it doesn't depend on anything special on the > server machine. The questions you need to be asking are > (a) does the *client* machine have an ident daemon running; > (b) can you reach that ident daemon's port (here's where the firewall > might come in); > (c) do you trust that ident daemon to tell you the truth (some would > say that a machine outside your firewall is ipso facto not to be > trusted); > (d) have you set up an appropriate ident mapping in the postgres config > files? > > See the documentation. I don't think the fact that you are running the > server on top of cygwin affects any of these issues. > > If you're not clear on why ident auth is failing, look in the > postmaster's logfile for the logged error message, which should > be more informative than the rejection sent to the client. > > regards, tom lane Win2K doesn't have a native ident service. In my other post on this thread a couple of minutes ago I quoted that I didn't think this ident would work on 2K - due to a minor brain failure I actually meant the failure was on the client side as Tom points out. If your client is Win2K as well, you might find that an identd will run under Cygwin which should help solve your problem. Dave.