Ahhh yes....it is now...

===========
# TYPE DATABASE USER ADDRESS METHOD

# "local" is for Unix domain socket connections only
#local all all trust
# IPv4 local connections:
#host all all 127.0.0.1/32 trust
# IPv6 local connections:
#host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres-xc trust
#host replication postgres-xc 127.0.0.1/32 trust
#host replication postgres-xc ::1/128 trust

hostssl all all 127.0.0.1/32 cert
===========

And the result...

postgres-xc@adminuser-VirtualBox:~/coord$ psql -h localhost testdb
psql: FATAL: connection requires a valid client certificate
FATAL: no pg_hba.conf entry for host "127.0.0.1", user "postgres-xc", database "testdb", SSL off

Thank you so much!

-----Original Message-----
From: Adrian Klaver [mailto:adrian.klaver@xxxxxxxxx]
Sent: Friday, February 22, 2013 10:58 AM
To: Maz Mohammadi
Cc: John R Pierce; pgsql-general@xxxxxxxxxxxxxx
Subject: Re: confirming security.

On 02/22/2013 07:50 AM, Maz Mohammadi wrote:
> Thx John,
>
> It got me a long way. I actually have a more complex installation (I
> think) that I originally thought on my test linux box. Looks like all
> the files that I modify are under /var/lib/post../coord.
>
> I added the line.. to pg_hba.conf
>
> hostssl all all 127.0.0.1/32 cert
>
> and after restarting the coordinator node, it errored because I had to
> modify postgresql.conf (ssl=off) . So I feel that the server is now
> running in SSL mode.
>
> But when I used psql...I'm getting this....
>
> ==============
>
> postgres-xc@adminuser-VirtualBox:~/coord$ psql -h localhost testdb
> psql (PGXC 1.0.0, based on PG 9.1.4)
> SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
> Type "help" for help.
>
> testdb=# select 2+2;
> ?column?
> ----------
> 4
> (1 row)
>
> testdb=# \q
>
> ==============
>
> It's telling me it's through an SSL connection, but I didn't specify
> any keystore on my side for psql? Does it pick it up from somewhere?
>
> Any help is greatly appreciated :)
>
> Postgresql isn't half bad ;)
>

Is the above line from pg_hba.conf the only one in the file?
If not could you post the entire file contents?
Remember in pg_hba.conf first match wins.

--
Adrian Klaver
adrian.klaver@xxxxxxxxx

--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
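
Added example, not part of the thread and not PostgreSQL code: a simplified Python model of the "first match wins" rule in pg_hba.conf, showing why the `hostssl ... cert` line only takes effect once the earlier `trust` lines are out of the way. `BEFORE` is an assumption (the thread never shows the file with the stock `trust` lines still active), `AFTER` is an abridged copy of the file posted in the reply, and the function names are illustrative.

```python
import ipaddress

# BEFORE is an assumption: stock trust lines active above the new hostssl line.
BEFORE = """
local   all all              trust
host    all all 127.0.0.1/32 trust
host    all all ::1/128      trust
hostssl all all 127.0.0.1/32 cert
"""
# AFTER is abridged from the file posted in the reply (constructed sample input).
AFTER = """
#local  all all              trust
#host   all all 127.0.0.1/32 trust
#host   all all ::1/128      trust
hostssl all all 127.0.0.1/32 cert
"""

def parse_hba(text):
    """Return active records as (type, database, user, network, method)."""
    records = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":      # TYPE DATABASE USER METHOD
            rtype, db, user, method = fields[:4]
            net = None
        else:                         # TYPE DATABASE USER ADDRESS METHOD
            rtype, db, user, addr, method = fields[:5]
            net = ipaddress.ip_network(addr)
        records.append((rtype, db, user, net, method))
    return records

def first_match(text, database, user, addr, ssl):
    """Auth method of the first matching record; None means no entry (rejected).
    Simplified: single 'all' or literal names, CIDR addresses, TCP clients only."""
    ip = ipaddress.ip_address(addr)
    for rtype, db, usr, net, method in parse_hba(text):
        if rtype == "local" or (rtype == "hostssl" and not ssl) \
                or (rtype == "hostnossl" and ssl):
            continue                  # record type does not apply to this connection
        if db not in ("all", database) or usr not in ("all", user):
            continue
        if ip.version == net.version and ip in net:
            return method
    return None

if __name__ == "__main__":
    for conf in (BEFORE, AFTER):
        print([first_match(conf, "testdb", "postgres-xc", "127.0.0.1", s) for s in (True, False)])
```

With `BEFORE`, an SSL connection from 127.0.0.1 is authenticated by `trust` and no client certificate is ever requested; with `AFTER`, SSL connections require `cert` and non-SSL connections find no entry, matching the two FATAL messages in the reply.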