Thread: ident changes between 8.3 and 8.4

ident changes between 8.3 and 8.4

From

Rafael Martinez

Date:

05 November 2009, 12:49:45

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello

We have been using for years and without problems local ident
autentification in the database for our user postgres.

These are the values that we have been using until version 8.3:
pg_hba.conf:
- ------------
local    all         postgres       ident sameuser

pg_ident.conf:
- --------------
sameuser         postgres          postgres

With 8.4, we get this error if we use a map named 'sameuser'.
- -----------------------------------------------------------
FATAL:  Ident authentication failed for user "postgres"
LOG:  no match in usermap for user "postgres" authenticated as "postgres"
CONTEXT:  usermap "sameuser"
- -----------------------------------------------------------

These are the values used with 8.4:
pg_hba.conf:
- ------------
local    all         postgres       ident map=sameuser

pg_ident.conf:
- --------------
sameuser         postgres          postgres

After some investigation, we have found out that everything works
without problems if we change the mapname used by ident to something
different than 'sameuser'.

Is this a bug or have we decided this behavior? I can not find any
documentation explaining that 'sameuser' is not a valid mapname.

regards,
- --Rafael Martinez, <r.m.guerrero@usit.uio.no>Center for Information Technology ServicesUniversity of Oslo, Norway
PGP Public Key: http://folk.uio.no/rafael/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFK8tesBhuKQurGihQRAlYJAKCj079582JocEUoIZfCLbqmsFeo0gCeMdYs
AifiS+Giu8M0r8SJLUYoEyM=
=e+Vz
-----END PGP SIGNATURE-----

Re: ident changes between 8.3 and 8.4

From

Magnus Hagander

Date:

05 November 2009, 13:18:32

On Thu, Nov 5, 2009 at 14:49, Rafael Martinez <r.m.guerrero@usit.uio.no> wrote:
> Hash: SHA1
>
> Hello
>
> We have been using for years and without problems local ident
> autentification in the database for our user postgres.
>
> These are the values that we have been using until version 8.3:
> pg_hba.conf:
> - ------------
> local    all         postgres       ident sameuser
>
> pg_ident.conf:
> - --------------
> sameuser         postgres          postgres
>
> With 8.4, we get this error if we use a map named 'sameuser'.
> - -----------------------------------------------------------
> FATAL:  Ident authentication failed for user "postgres"
> LOG:  no match in usermap for user "postgres" authenticated as "postgres"
> CONTEXT:  usermap "sameuser"
> - -----------------------------------------------------------
>
> These are the values used with 8.4:
> pg_hba.conf:
> - ------------
> local    all         postgres       ident map=sameuser
>
> pg_ident.conf:
> - --------------
> sameuser         postgres          postgres
>
> After some investigation, we have found out that everything works
> without problems if we change the mapname used by ident to something
> different than 'sameuser'.
>
> Is this a bug or have we decided this behavior? I can not find any
> documentation explaining that 'sameuser' is not a valid mapname.

To make 8.4 behave like the previous "ident sameuser" way, just put
"ident". No map is needed.


-- Magnus HaganderMe: http://www.hagander.net/Work: http://www.redpill-linpro.com/

Re: ident changes between 8.3 and 8.4

From

Andrew Dunstan

Date:

05 November 2009, 13:37:56


Magnus Hagander wrote:
> On Thu, Nov 5, 2009 at 14:49, Rafael Martinez <r.m.guerrero@usit.uio.no> wrote:
>   
>> Hash: SHA1
>>
>> Hello
>>
>> We have been using for years and without problems local ident
>> autentification in the database for our user postgres.
>>
>> These are the values that we have been using until version 8.3:
>> pg_hba.conf:
>> - ------------
>> local    all         postgres       ident sameuser
>>
>> pg_ident.conf:
>> - --------------
>> sameuser         postgres          postgres
>>
>> With 8.4, we get this error if we use a map named 'sameuser'.
>> - -----------------------------------------------------------
>> FATAL:  Ident authentication failed for user "postgres"
>> LOG:  no match in usermap for user "postgres" authenticated as "postgres"
>> CONTEXT:  usermap "sameuser"
>> - -----------------------------------------------------------
>>
>> These are the values used with 8.4:
>> pg_hba.conf:
>> - ------------
>> local    all         postgres       ident map=sameuser
>>
>> pg_ident.conf:
>> - --------------
>> sameuser         postgres          postgres
>>
>> After some investigation, we have found out that everything works
>> without problems if we change the mapname used by ident to something
>> different than 'sameuser'.
>>
>> Is this a bug or have we decided this behavior? I can not find any
>> documentation explaining that 'sameuser' is not a valid mapname.
>>     
>
> To make 8.4 behave like the previous "ident sameuser" way, just put
> "ident". No map is needed.
>   


And it is documented in the release notes: 
<http://www.postgresql.org/docs/current/static/release-8-4.html>, which 
the OP should have read when upgrading.

cheers

andrew

Re: ident changes between 8.3 and 8.4

From

Rafael Martinez

Date:

05 November 2009, 14:09:13

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andrew Dunstan wrote:
> 
>
>>> Is this a bug or have we decided this behavior? I can not find any
>>> documentation explaining that 'sameuser' is not a valid mapname.
>>>     
>> To make 8.4 behave like the previous "ident sameuser" way, just put
>> "ident". No map is needed.
>>   
> And it is documented in the release notes:
> <http://www.postgresql.org/docs/current/static/release-8-4.html>, which
> the OP should have read when upgrading.
> 
>

Hei

The release note was read some time ago and it was most probably
misinterpreted.

The release note says:
"Change all authentication options to use name=value syntax"
"Remove the ident sameuser option, instead making that behavior the
default if no usermap is specified"

It says that 'ident sameuser' have been removed, but it does not say
anything about "ident map=sameuser" not being a valid way of defining a
mapname = sameuser.

I still cannot find any references to this under:
19.2. Username maps
19.3.6. Ident-based authentication

Anyway, we know the reason of this behavior now, so this is not a
problem for us anymore, although it could be confusing for others.

regards,
- --Rafael Martinez, <r.m.guerrero@usit.uio.no>Center for Information Technology ServicesUniversity of Oslo, Norway
PGP Public Key: http://folk.uio.no/rafael/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFK8uqIBhuKQurGihQRAhZjAKCVJpZ5x0oXXQ2+cfp5TJizl5jj1ACfaTb0
agXmanpgeo94RWP33drqNJY=
=2OkL
-----END PGP SIGNATURE-----

Re: ident changes between 8.3 and 8.4

From

Tommy Gildseth

Date:

05 November 2009, 14:21:48

Andrew Dunstan skrev:
>     
>>
>> To make 8.4 behave like the previous "ident sameuser" way, just put
>> "ident". No map is needed.
>>   
> 
> 
> And it is documented in the release notes: 
> <http://www.postgresql.org/docs/current/static/release-8-4.html>, which 
> the OP should have read when upgrading.

Except this isn't backwards compatible, in the sense that leaving out 
sameuser on version 8.3 will give a different behaviour. This means that 
the script we are using to generate the pg_hba.conf file, needs to know 
about the version of postgres it's generating the pg_hba.conf file for.

So, the problem isn't in the fact that the syntax has been changed, but 
in the fact that you can't use sameuser as the mapname.

-- 
Tommy Gildseth
DBA, Gruppe for databasedrift
Universitetet i Oslo, USIT
m: +47 45 86 38 50
t: +47 22 85 29 39