Thread: authentication

authentication

From: "Chris Faulkner"

Hello

I am using postgres in the cygwin environment. I have two services set up -
one launches it with no networking and one with networking so that it runs
on port 5432. Both are fine in terms of the service and I can connect with
psql with both. However, I need to connect with a JDBC connection. I can get
the JDBC connection to work with networking but not without. Since my Java
app always runs locally, I would like to leave the networking off.

The connection parameter for networking (all OK with this one)
<init-param url="jdbc:postgresql://localhost:5432/template1"/>

With no networking, it is as follows (doesn't connect)
<init-param url="jdbc:postgresql:template1"/>

I have read threads elsewhere which seem to suggest that it can be made to
work like this - any ideas anyone ?

The second part to this is about authentication. I would like to connect
with a low-privileged user, but all users should use a password. This is my
only entry in /usr/share/postgresql/pg_hba.conf

# TYPE    DATABASE    USER    IP-ADDRESS    IP-MASK        METHOD
local        all        all                        password

Whatever change I make to this, psql never prompts when running on the same
machine. Does cygwin support pg_hba.conf ? If I use psql with -U and -W, I
get prompted for a password but it lets me in whatever I type.

Thanks for ANY help or pointers.

Chris






Re: authentication

From: Barry Lind

Chris,

You can't do what you are trying to do with java.  Java does not support
a non-portable concept like unix sockets.  So the only way to connect to
postgres from jdbc is through tcpip.

The two jdbc connection URLs you give below are identical in
functionality.  If you don't specify the machine and port in the URL it
uses the default values of localhost and 5432.

thanks,
--Barry


Chris Faulkner wrote:
> Hello
>
> I am using postgres in the cygwin environment. I have two services set up -
> one launches it with no networking and one with networking so that it runs
> on port 5432. Both are fine in terms of the service and I can connect with
> psql with both. However, I need to connect with a JDBC connection. I can get
> the JDBC connection to work with networking but not without. Since my Java
> app always runs locally, I would like to leave the networking off.
>
> The connection parameter for networking (all OK with this one)
> <init-param url="jdbc:postgresql://localhost:5432/template1"/>
>
> With no networking, it is as follows (doesn't connect)
> <init-param url="jdbc:postgresql:template1"/>
>
> I have read threads elsewhere which seem to suggest that it can be made to
> work like this - any ideas anyone ?
>
> The second part to this is about authentication. I would like to connect
> with a low-privileged user, but all users should use a password. This is my
> only entry in /usr/share/postgresql/pg_hba.conf
>
> # TYPE    DATABASE    USER    IP-ADDRESS    IP-MASK        METHOD
> local        all        all                        password
>
> Whatever change I make to this, psql never prompts when running on the same
> machine. Does cygwin support pg_hba.conf ? If I use psql with -U and -W, I
> get prompted for a password but it lets me in whatever I type.
>
> Thanks for ANY help or pointers.
>
> Chris




Re: authentication

From: "Chris Faulkner"

Hello

Thanks for the feedback. MySQL offers the ability to disable TCP/IP
networking and use named pipes. It would be nice if postgres offered the
same. They claim improved performance but I am not sure of the security
implications, although removing an open tcp/ip port feels safer.


Chris

-----Original Message-----
From: pgsql-jdbc-owner@postgresql.org
[mailto:pgsql-jdbc-owner@postgresql.org]On Behalf Of Barry Lind
Sent: 23 September 2003 17:01
To: Chris Faulkner
Cc: pgsql-jdbc@postgresql.org
Subject: Re: [JDBC] authentication


Chris,

You can't do what you are trying to do with java.  Java does not support
a non-portable concept like unix sockets.  So the only way to connect to
postgres from jdbc is through tcpip.

The two jdbc connection URLs you give below are identical in
functionality.  If you don't specify the machine and port in the URL it
uses the default values of localhost and 5432.

thanks,
--Barry


Chris Faulkner wrote:
> Hello
>
> I am using postgres in the cygwin environment. I have two services set up -
> one launches it with no networking and one with networking so that it runs
> on port 5432. Both are fine in terms of the service and I can connect with
> psql with both. However, I need to connect with a JDBC connection. I can get
> the JDBC connection to work with networking but not without. Since my Java
> app always runs locally, I would like to leave the networking off.
>
> The connection parameter for networking (all OK with this one)
> <init-param url="jdbc:postgresql://localhost:5432/template1"/>
>
> With no networking, it is as follows (doesn't connect)
> <init-param url="jdbc:postgresql:template1"/>
>
> I have read threads elsewhere which seem to suggest that it can be made to
> work like this - any ideas anyone ?
>
> The second part to this is about authentication. I would like to connect
> with a low-privileged user, but all users should use a password. This is my
> only entry in /usr/share/postgresql/pg_hba.conf
>
> # TYPE    DATABASE    USER    IP-ADDRESS    IP-MASK        METHOD
> local        all        all                        password
>
> Whatever change I make to this, psql never prompts when running on the same
> machine. Does cygwin support pg_hba.conf ? If I use psql with -U and -W, I
> get prompted for a password but it lets me in whatever I type.
>
> Thanks for ANY help or pointers.
>
> Chris



Re: [CYGWIN] authentication

From: Peter Eisentraut

Chris Faulkner writes:

> I am using postgres in the cygwin environment. I have two services set up -
> one launches it with no networking and one with networking so that it runs
> on port 5432.

You're going to have a pretty hard time connecting to a PostgreSQL server
without networking.  Or what is your definition of no networking?

> # TYPE  DATABASE        USER    IP-ADDRESS      IP-MASK         METHOD
> local           all             all                                             password

> Whatever change I make to this, psql never prompts when running on the same
> machine.

Perhaps you're not connecting through a Unix-domain socket, but instead
via TCP/IP?

--
Peter Eisentraut   peter_e@gmx.net


Re: [CYGWIN] authentication

From: "Chris Faulkner"

By no-networking I meant using --tcip_socket=false. I think this was
accurate. When you run postgres with this option and use unix domain sockets
and connect with psql or pgAdmin, you are connecting to a postgres server
without networking. These work under cygwin, but not from a Java client.

"UNIX domain sockets communicate only between processes on a single host.
Sockets in the UNIX domain are not considered part of the network protocols
because they can be used to communicate only between processes on a single
host."

I guess I brought the vocabulary from MySQL where you use "skip networking"
and the server allows you to connect on the local machine with named pipes,
even with JDBC.

Chris


-----Original Message-----
From: Peter Eisentraut [mailto:peter_e@gmx.net]
Sent: 23 September 2003 20:58
To: Chris Faulkner
Cc: pgsql-cygwin@postgresql.org; pgsql-jdbc@postgresql.org
Subject: Re: [CYGWIN] authentication


Chris Faulkner writes:

> I am using postgres in the cygwin environment. I have two services set up -
> one launches it with no networking and one with networking so that it runs
> on port 5432.

You're going to have a pretty hard time connecting to a PostgreSQL server
without networking.  Or what is your definition of no networking?

> # TYPE  DATABASE        USER    IP-ADDRESS      IP-MASK         METHOD
> local           all             all                                             password

> Whatever change I make to this, psql never prompts when running on the same
> machine.

Perhaps you're not connecting through a Unix-domain socket, but instead
via TCP/IP?

--
Peter Eisentraut   peter_e@gmx.net



Re: [CYGWIN] authentication

From: Tom Lane

"Chris Faulkner" <chrisf@oramap.com> writes:
> I guess I brought the vocabulary from MySQL where you use "skip networking"
> and the server allows you to connect on the local machine with named pipes,
> even with JDBC.

Just out of curiosity, what do they use to support that on the client
side?  We were recently told that there is no pure-Java access to
Unix sockets (a/k/a named pipes), because it's not a portable OS feature.
Do they have a type 4 JDBC driver that handles this?

            regards, tom lane

Re: [CYGWIN] authentication

From: Peter Eisentraut

Chris Faulkner writes:

> By no-networking I meant using --tcip_socket=false. I think this was
> accurate. When you run postgres with this option and use unix domain sockets
> and connect with psql or pgAdmin, you are connecting to a postgres server
> without networking. These work under cygwin, but not from a Java client.

The PostgreSQL JDBC driver cannot connect via Unix-domain sockets, on any
operating system.  So if you want to use that interface, you need to
enable TCP/IP connections.

--
Peter Eisentraut   peter_e@gmx.net
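
As an added illustration (not code from the thread or from PostgreSQL), this Python sketch models first-match-wins pg_hba.conf lookup for the two record types discussed above, showing that a `local` line never applies to the TCP/IP connection a JDBC client makes. The file contents, the user name `chris` and the simplified matching (only `all` or exact names) are assumptions.

```python
import ipaddress

# Constructed pg_hba.conf contents in the thread's column layout
# (TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD); not files from the thread.
ONLY_LOCAL = """
# TYPE  DATABASE  USER  IP-ADDRESS  IP-MASK  METHOD
local   all       all                        password
"""
WITH_LOOPBACK = ONLY_LOCAL + """
host    all       all   127.0.0.1   255.255.255.255  password
"""

def parse(text):
    """Return rules as dicts, skipping comments and blank lines."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local" and len(fields) == 4:
            kind, db, user, method = fields
            net = None  # Unix-domain socket records carry no address
        elif fields[0] == "host" and len(fields) == 6:
            kind, db, user, addr, mask, method = fields
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        else:
            raise ValueError(f"unsupported line: {line!r}")
        rules.append(dict(type=kind, db=db, user=user, net=net, method=method))
    return rules

def auth_method(rules, db, user, client_ip=None):
    """First matching rule wins. client_ip=None means a Unix-domain socket.
    Returns the method name, or None when no rule matches (rejected)."""
    for r in rules:
        # Simplification (assumption): only 'all' or an exact name matches.
        if r["db"] not in ("all", db) or r["user"] not in ("all", user):
            continue
        if client_ip is None:
            if r["type"] == "local":
                return r["method"]
        elif r["type"] == "host" and ipaddress.ip_address(client_ip) in r["net"]:
            return r["method"]
    return None
```
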


Re: [CYGWIN] authentication

From: Peter Eisentraut

Tom Lane writes:

> Just out of curiosity, what do they use to support that on the client
> side?  We were recently told that there is no pure-Java access to
> Unix sockets (a/k/a named pipes), because it's not a portable OS feature.
> Do they have a type 4 JDBC driver that handles this?

In my book, named pipes are FIFOs, so they'd use normal file system
operations.

--
Peter Eisentraut   peter_e@gmx.net


Re: [CYGWIN] authentication

From: "Chris Faulkner"

In response to your first question - I have no idea ! In my case, the client
side is on the same machine. Initially, I was using the resin MySQL driver
which didn't connect when I was using named pipes. I switched to Connector/J
from mysql.com and it then worked.

Chris

-----Original Message-----
From: pgsql-jdbc-owner@postgresql.org
[mailto:pgsql-jdbc-owner@postgresql.org]On Behalf Of Tom Lane
Sent: 23 September 2003 23:35
To: Chris Faulkner
Cc: Peter Eisentraut; pgsql-jdbc@postgresql.org
Subject: Re: [JDBC] [CYGWIN] authentication


"Chris Faulkner" <chrisf@oramap.com> writes:
> I guess I brought the vocabulary from MySQL where you use "skip networking"
> and the server allows you to connect on the local machine with named pipes,
> even with JDBC.

Just out of curiosity, what do they use to support that on the client
side?  We were recently told that there is no pure-Java access to
Unix sockets (a/k/a named pipes), because it's not a portable OS feature.
Do they have a type 4 JDBC driver that handles this?

            regards, tom lane
