Postgres Pro
Downloads
Home   >   mailing lists

Thread: ident fails on win2k host...

ident fails on win2k host...

From
"Robert J. Sanford, Jr."
Date:
i have set up my win2k box with postgres with 7.1.3 cygwin pre-built. i have
opened a port in my firewall to allow postgres requests to go through. a
remote user is attempting to hit the box but is getting an ident error. in
the admin.pdf doc i find the following about ident authentication...

   "The ident server on the client host is asked
   for the identity of the connecting user.
   Postgres then verifies whether the so identified
   operating system user is allowed to connect as
   the database user that is requested. This is only
   available for TCP/IP connections. The
   authentication option following the ident keyword
   specifies the name of an ident map that specifies
   which operating system users equate with which
   database users. See below for details."

does ident authentication work under win2k?

if so, does this mean that i need to add my remote user as a user on my
win2k machine?

if so, what rights do they need to have? and do i need to configure my
firewall to allow a different port to be opened up?

if i cannot use ident based authentication under cygwin, how do i allow
remote users who are using the win32 ODBC driver to connect to the database?
should i switch to kerberos? if so, which version?

he'p me! he'p me! i been hyp-mo-tized!

many thanks,

rjsjr

Re: ident fails on win2k host...

From
Tom Lane
Date:
"Robert J. Sanford, Jr." <rsanford@nolimitsystems.com> writes:
> does ident authentication work under win2k?

AFAIK it should work; it doesn't depend on anything special on the
server machine.  The questions you need to be asking are
(a) does the *client* machine have an ident daemon running;
(b) can you reach that ident daemon's port (here's where the firewall
might come in);
(c) do you trust that ident daemon to tell you the truth (some would
say that a machine outside your firewall is ipso facto not to be
trusted);
(d) have you set up an appropriate ident mapping in the postgres config
files?

See the documentation.  I don't think the fact that you are running
the server on top of cygwin affects any of these issues.

If you're not clear on why ident auth is failing, look in the
postmaster's logfile for the logged error message, which should
be more informative than the rejection sent to the client.

            regards, tom lane

Re: [CYGWIN] ident fails on win2k host...

From
"Dave Page"
Date:
It's rumoured that Robert J. Sanford, Jr. once said:
> i have set up my win2k box with postgres with 7.1.3 cygwin pre-built. i
> have opened a port in my firewall to allow postgres requests to go
> through. a remote user is attempting to hit the box but is getting an
> ident error. in the admin.pdf doc i find the following about ident
> authentication...
>
>   "The ident server on the client host is asked
>   for the identity of the connecting user.
>   Postgres then verifies whether the so identified
>   operating system user is allowed to connect as
>   the database user that is requested. This is only
>   available for TCP/IP connections. The
>   authentication option following the ident keyword
>   specifies the name of an ident map that specifies
>   which operating system users equate with which
>   database users. See below for details."
>
> does ident authentication work under win2k?

I don't believe it does.

> if so, does this mean that i need to add my remote user as a user on my
> win2k machine?
>
> if so, what rights do they need to have? and do i need to configure my
> firewall to allow a different port to be opened up?
>
> if i cannot use ident based authentication under cygwin, how do i allow
> remote users who are using the win32 ODBC driver to connect to the
> database? should i switch to kerberos? if so, which version?
>
> he'p me! he'p me! i been hyp-mo-tized!

The easiest option would be to use password authentication, and add the
user to your PostgreSQL system using CREATE USER xxx WITH PASSWORD 'yyy'.

Regards, Dave.

Re: [CYGWIN] ident fails on win2k host...

From
"Dave Page"
Date:
It's rumoured that Tom Lane once said:
> "Robert J. Sanford, Jr." <rsanford@nolimitsystems.com> writes:
>> does ident authentication work under win2k?
>
> AFAIK it should work; it doesn't depend on anything special on the
> server machine.  The questions you need to be asking are
> (a) does the *client* machine have an ident daemon running;
> (b) can you reach that ident daemon's port (here's where the firewall
> might come in);
> (c) do you trust that ident daemon to tell you the truth (some would
> say that a machine outside your firewall is ipso facto not to be
> trusted);
> (d) have you set up an appropriate ident mapping in the postgres config
> files?
>
> See the documentation.  I don't think the fact that you are running the
> server on top of cygwin affects any of these issues.
>
> If you're not clear on why ident auth is failing, look in the
> postmaster's logfile for the logged error message, which should
> be more informative than the rejection sent to the client.
>
>             regards, tom lane

Win2K doesn't have a native ident service. In my other post on this thread
a couple of minutes ago I quoted that I didn't think this ident would work
on 2K - due to a minor brain failure I actually meant the failure was on
the client side as Tom points out. If your client is Win2K as well, you
might find that an identd will run under Cygwin which should help solve
your problem.

Dave.