Re: hba conf ident sameuser not working

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Feb 15, 2006 at 11:27:36AM +0100, Peter Eisentraut wrote:
> David Bear wrote:
> > now, when I connection to postgres from remote machines I ssh into
> > the pg server, but I tunnel postgres traffic. The ident sameuser
> > prevents tunneled connections from working.
> 
> That is not true.  Please give more detail so we can figure out what is 
> really wrong.

ok. 2 machine, mine is called teancum. The server running postgresql
is called dbsrv1.


starting with:
==================
iddwb@teancum:~> ssh -L 6666:localhost:5432 iddwb@dbsrv1
Password:
Last login: Tue Feb 14 20:21:08 2006 from teancum
Have a lot of fun...
iddwb@dbsrv1:~> psql
Welcome to psql 8.0.3, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit

iddwb=> \q
iddwb@dbsrv1:~> psql -U tlhowell
psql: FATAL:  Ident authentication failed for user "tlhowell"

=====================

This is what I expect.

users on dbsrv1 must be who they are.

now, back on teancum that has the tunnel on port 6666, I do this:

===================
iddwb@teancum:~> psql -p 6666 -h localhost -U tlhowell
psql: FATAL:  Ident authentication failed for user "tlhowell"
iddwb@teancum:~> psql -p 6666 -h localhost -U iddwb
psql: FATAL:  Ident authentication failed for user "iddwb"

===================

That is with the following pg_hba.conf

==================

# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD

# "local" is for Unix domain socket connections only
local   all         all                               ident sameuser
# IPv4 local connections:
host    all         all         127.0.0.1/32          ident sameuser
# IPv6 local connections:
host    all         all         ::1/128               ident sameuser

===================

Now, if I change the connection for 'host' to use the trust method, I
can connect as any user from psql AFTER I have already authenticated
and setup the ssh tunnel.

> 
> -- 
> Peter Eisentraut
> http://developer.postgresql.org/~petere/

-- 
David Bear
phone: 	480-965-8257
fax: 	480-965-9189
College of Public Programs/ASU
Wilson Hall 232
Tempe, AZ 85287-0803
 "Beware the IP portfolio, everyone will be suspect of trespassing"
[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux