Thread: Network authentication

Network authentication

From
Bob Parnes
Date:
I am having trouble connecting to a database on a debian server from a
client system, also debian. Acccording to the documentation, this is
possible without a password and offers the following example,

host    template1   all         192.168.93.0      255.255.255.0     \
  ident sameuser

My pg_hba.conf file has a line,

host    all         all         192.168.1.0       255.255.255.0     \
  ident sameuser

Also, the client system has an account with the same name and password
as an account on the server. However, connection fails with psql after
logging into that account. I can, however, ssh to the server and connect
from there; but there are reasons why I don't want to use ssh with this
project. Anyway, is the documentation wrong, or am I misinterpreting
something?

In addition I noticed that if I have a second line in the pg_hba.conf file,

host    all         all         192.168.1.0       255.255.255.0     md5

coming before the other line, I can connect to the server database using
a password. However, if it follows the line, I cannot. Am I doing
something wrong here also?

Thanks for any help.


--
Bob Parnes
rparnes@megalink.net

Re: Network authentication

From
Doug McNaught
Date:
Bob Parnes <rparnes@megalink.net> writes:

> I am having trouble connecting to a database on a debian server from a
> client system, also debian. Acccording to the documentation, this is
> possible without a password and offers the following example,
>
> host    template1   all         192.168.93.0      255.255.255.0     \
>   ident sameuser

You need to be running an ident daemon on the client machine, and also
to be aware of the security issues involved with ident.

> In addition I noticed that if I have a second line in the pg_hba.conf file,
>
> host    all         all         192.168.1.0       255.255.255.0     md5
>
> coming before the other line, I can connect to the server database using
> a password. However, if it follows the line, I cannot. Am I doing
> something wrong here also?

Only the first matching line in pg_hba.conf is used.

-Doug