Search Postgresql Archives

Re: 8.4 vs. 9.x: 127.0.0.0/8

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Dear Martín,

	Thank you for leading us to the right solution!
(We’re also suspecting some change in the networking stack from CentOS 6 to 7 may be playing a part here, too, FYI.) 

-FG

On 11 Aug 2015 6:30 PM, Martín Marqués wrote:

I think there might be some misunderstanding here:

El 11/08/15 a las 17:19, Felipe Gasper escribió:

Hello all,

     We are noticing what appears to be a significant difference between
PostgreSQL 9.x and 8.4. Not having found documentation that would point
us in the direction of a good solution, I thought I’d post our issue here.

On CentOS 6 we have postgresql 8.4.20 and the following pg_hba.conf:

local samerole all        md5
host samerole all  127.0.0.200   255.255.255.255   pam
pamservice=postgresql_cpses
host samerole all  127.0.0.1   255.255.255.255   md5
local all postgres        md5
host all postgres  127.0.0.1   255.255.255.255   md5

So connections to 127.0.0.200 are handled by pam, connections to
127.0.0.1 are handled by md5.


No! This means that connections that come from 127.0.0.200 are handled
by pam, not connection *to*. Same for 127.0.0.1 (which in this case
means nothing).


If I run:
root@jason:/$ psql -h 127.0.0.200 -U pguser
Password for user pguser:
psql: FATAL:  PAM authentication failed for user "pguser"


Which is the source IP where this command is executed.


You can see it tried to authenticate using PAM authentication.

On CentOS 7 we have postgresql 9.2.13 and the following pg_hba.conf:

local samerole all        md5
host samerole all  127.0.0.200   255.255.255.255   pam
pamservice=postgresql_cpses
host samerole all  127.0.0.1   255.255.255.255   md5
local all postgres        md5
host all postgres  127.0.0.1   255.255.255.255   md5

But, running the command above yields a different result:
root@i-0000764a [/usr/local/cpanel]# psql -h 127.0.0.200 -U pguser
Password for user pguser:
psql: FATAL:  password authentication failed for user "pguser"


Well, which is the IP from where you are running this command?

I guess the answer is in some place around that.

Regards,





--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux