Thread: pg_hba.conf problem?

pg_hba.conf problem?

From
"Carlo Florendo"
Date:
Hi,

I try to connect to the postgres db from one machine to the other.
If I set the pg_hba.conf authentication entry for the client machine in the server machine to "trust",
one could  connect successfully.  However, if I change the entry into "crypt" or
"password", one couldn't connect  even if the specified password was
typed correctly.

This is how my pg_shadow looks like:


template1=# select * from pg_shadow;
 usename  | usesysid | usecreatedb | usetrace | usesuper | usecatupd | passwd
valuntil
----------+----------+-------------+----------+----------+-----------+--------+
 postgres  |       26 | t           | t        | t        | t         | abc123 |
 amgarcia |       27 | t           | f        | f        | f         | abc123 |
(2 rows)


This one below is part of my pg_hba.conf file:

# This default configuration allows any local user to connect as any
# PostgreSQL username, over either UNIX domain sockets or IP:

host         all         127.0.0.1     255.255.255.255     crypt
host         athena      172.28.61.13  255.255.255.255     trust   amgarcia

# If you want to allow non-local connections, you will need to add more
# "host" records (and don't forget to start the postmaster with "-i"!).


Basically, I want user "amgarcia" to authenticate before connecting to the database.
If I change the "trust" to "crypt", the server asks for a password.  It, however, does
not want to accept the password "abc123".

This is how the client (coolio) connects to the server (tissue) to the database
"athena".

amgarcia@coolio ~$ psql -d athena -h tissue.ntsp.nec.co.jp amgarcia
Password:

I enter the correct password  "abc123"  but I get this message:

psql: Password authentication failed for user 'amgarcia'


If I change "password" or "crypt" into "trust", there is no problem in connecting.
However, this is not what I want.  I want user "amgarcia" to be able to authenticate
first before connecting to the server.

How could I do this?  (I use postgres 7.1.3 under redhat 7.2)

Thanks a lot!!!!!

Carlo  F. Florendo
NEC Telecoms
fcarlo@ntsp.nec.co.jp






Re: pg_hba.conf problem?

From
Tom Lane
Date:
"Carlo Florendo" <fcarlo@ntsp.nec.co.jp> writes:
> If I set the pg_hba.conf authentication entry for the client machine
> in the server machine to "trust", one could connect successfully.
> However, if I change the entry into "crypt" or "password", one
> couldn't connect even if the specified password was typed correctly.

Are you sure you tried "password" mode?  One of the problems with
"crypt" is that the crypt library function isn't the same on all
platforms, so there are cases where a client on one machine can't
compute the right crypted password to send to a server on another.
(7.2's MD5 encryption mode avoids this problem, btw.)

            regards, tom lane

Re: pg_hba.conf problem?

From
Stephan Szabo
Date:
> This one below is part of my pg_hba.conf file:
>
> # This default configuration allows any local user to connect as any
> # PostgreSQL username, over either UNIX domain sockets or IP:
>
> host         all         127.0.0.1     255.255.255.255     crypt
> host         athena      172.28.61.13  255.255.255.255     trust   amgarcia

> Basically, I want user "amgarcia" to authenticate before connecting to the database.
> If I change the "trust" to "crypt", the server asks for a password.  It, however, does
> not want to accept the password "abc123".

Do you have a file amgarcia in your $PGDATA?  AFAIK the last parameter is
not a username it's an external file containing users that are allowed to
authenticate.