Thread: Peer authentication problem in CGI-Perl
I am writing a CGI-Perl script that connects to
PostgreSQL. For this I use the module Pg. I connect to
PostgreSQL using the command
Pg::connectdb("dbname=test user=johndoe
password=pass");
but everytime my connection is refused with the
message:
"Peer authentication failed for user 'johndoe'"
The same thing does NOT happen whenever I login from
shell-prompt with psql:
psql -U johndoe -W test /* no problem here */
Neither is it a problem to connect with Pg module in
non-CGI script ("normal" Perl script that runs on
shell).
Back to the CGI Script, if I try to connect without
user ID & password (only giving database name) the
error message is,
Peer authentication failed for user www-data.
Does this mean I have to create user www-data? Would
the same problem not happen again with user www-data?
Here's my Perl script, please help me:
#!/usr/bin/perl -w
use strict;
use Pg;
use CGI qw(:standard);
my $conn = Pg::connectdb("dbname=test user=johndoe
password=johndoe");
die $conn->errorMessage unless PGRES_CONNECTION_OK eq
$conn->status;
print header, start_html;
my $result = $conn->exec("SELECT surname FROM people
WHERE id=10001");
die $conn->errorMessage unless PGRES_TUPLES_OK eq
$result->resultStatus;
while(my @row = $result->fetchrow) {
print @row, "\n";
}
print end_html;
Thanks beforehand
Arifin
____________________________________________________________
Do You Yahoo!?
Αποκτήστε τη δωρεάν @yahoo.gr διεύθυνση σας στο http://www.otenet.gr
Hi there,
Are you running the Postgres postmaster with -i, to allow remote
connections? -- and is your pg_hba.conf
file edited so as to allow connections from the IP address you're using?
Even if it's your local machine you're testing on, you have to have
Postgres set up to allow TCP/IP connections if you want to test CGI
scripts. (At least, I think that's right: please do correct me, anyone who
knows different.)
best,
Mo
At 17:28 13/02/02, Arifin wrote:
>I am writing a CGI-Perl script that connects to
>PostgreSQL. For this I use the module Pg. I connect to
>PostgreSQL using the command
>
>Pg::connectdb("dbname=test user=johndoe
>password=pass");
>
>but everytime my connection is refused with the
>message:
>
>"Peer authentication failed for user 'johndoe'"
>
>The same thing does NOT happen whenever I login from
>shell-prompt with psql:
>
>psql -U johndoe -W test /* no problem here */
>
>Neither is it a problem to connect with Pg module in
>non-CGI script ("normal" Perl script that runs on
>shell).
>
>Back to the CGI Script, if I try to connect without
>user ID & password (only giving database name) the
>error message is,
>
>Peer authentication failed for user www-data.
>
>Does this mean I have to create user www-data? Would
>the same problem not happen again with user www-data?
>
>Here's my Perl script, please help me:
>
>#!/usr/bin/perl -w
>
>use strict;
>use Pg;
>use CGI qw(:standard);
>
>my $conn = Pg::connectdb("dbname=test user=johndoe
>password=johndoe");
>
>die $conn->errorMessage unless PGRES_CONNECTION_OK eq
> $conn->status;
>
>print header, start_html;
>
>my $result = $conn->exec("SELECT surname FROM people
>WHERE id=10001");
>
>die $conn->errorMessage unless PGRES_TUPLES_OK eq
> $result->resultStatus;
>
>while(my @row = $result->fetchrow) {
> print @row, "\n";
>}
>
>print end_html;
>
>
>Thanks beforehand
>Arifin
Mo Holkar
Undying King Games
mo@ukg.co.uk
Free games! at http://www.ukg.co.uk
On Wed, 2002-02-13 at 18:09, Mo Holkar wrote: > Hi there, > > Are you running the Postgres postmaster with -i, to allow remote > connections? -- and is your pg_hba.conf > file edited so as to allow connections from the IP address you're using? That's not relevant. "peer" authentication is only used (in the Debian packages) for connecting on the same machine through a Unix socket. > Even if it's your local machine you're testing on, you have to have > Postgres set up to allow TCP/IP connections if you want to test CGI > scripts. (At least, I think that's right: please do correct me, anyone who > knows different.) It doesn't sound right. The remote end connects through TCP/IP to the server which runs the CGI script. If the CGI script is running on the same machine as the database, it does not itself need to use a TCP/IP connection. A TCP/IP connection _to_PostgreSQL_ would allow you to run a process on one machine and directly query a PostgreSQL server on another, but that's not the same thing. -- Oliver Elphick Oliver.Elphick@lfix.co.uk Isle of Wight http://www.lfix.co.uk/oliver GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C "The earth is the LORD'S, and the fullness thereof; the world, and they that dwell therein." Psalms 24:1
On Wed, 2002-02-13 at 17:28, arifin purba wrote:
> "Peer authentication failed for user 'johndoe'"
Are you using a Debian package? ("peer" authentication is a non-standard
Debian addition to PostgreSQL. It has been adopted in 7.2 but reworked
and renamed as "ident".)
If so, please let me know the package version and let me see your
pg_hba.conf file.
Unfortunately, I can't at the moment think of any reason why it should
behave differently when passed though the Perl interface.
--
Oliver Elphick Oliver.Elphick@lfix.co.uk
Isle of Wight http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
"The earth is the LORD'S, and the fullness thereof; the
world, and they that dwell therein."
Psalms 24:1
Oliver Elphick <olly@lfix.co.uk> writes:
> On Wed, 2002-02-13 at 17:28, arifin purba wrote:
>> "Peer authentication failed for user 'johndoe'"
> Unfortunately, I can't at the moment think of any reason why it should
> behave differently when passed though the Perl interface.
But it wasn't the Perl interface that was the issue; it was CGI.
I will bet that his CGI environment runs as some other user than he is,
and so the peer mechanism is doing exactly what it's supposed to do:
rejecting a false claim to be PG user so-and-so when the OS knows the
client process is owned by someone else.
regards, tom lane
On Thu, 2002-02-14 at 01:11, Tom Lane wrote: > > Unfortunately, I can't at the moment think of any reason why it should > > behave differently when passed though the Perl interface. > > But it wasn't the Perl interface that was the issue; it was CGI. Too late at night. -- Oliver Elphick Oliver.Elphick@lfix.co.uk Isle of Wight http://www.lfix.co.uk/oliver GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C "God be merciful unto us, and bless us; and cause his face to shine upon us." Psalms 67:1
Thanks for the replies, guys. I'm not at the office today so I can't read the configuration file. As soon as I can I will try your suggestions. And.. uh.. if I double-posted my first email, I apologize. Arifin --- Oliver Elphick <olly@lfix.co.uk> έγραψε: > On Thu, 2002-02-14 at 01:11, Tom Lane wrote: > > > Unfortunately, I can't at the moment think of > any reason why it should > > > behave differently when passed though the Perl > interface. > > > > But it wasn't the Perl interface that was the > issue; it was CGI. > > Too late at night. > > -- > Oliver Elphick > Oliver.Elphick@lfix.co.uk > Isle of Wight > http://www.lfix.co.uk/oliver > GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A > 614D 4C34 3E1D 0C1C > > "God be merciful unto us, and bless us; and > cause his > face to shine upon us." Psalms 67:1 > > > ---------------------------(end of > broadcast)--------------------------- > TIP 6: Have you searched our list archives? > > http://archives.postgresql.org ____________________________________________________________ Do You Yahoo!? Αποκτήστε τη δωρεάν @yahoo.gr διεύθυνση σας στο http://www.otenet.gr