
Re: strange behavior of pg_hba.conf file

On 11/22/23 10:03 AM, Atul Kumar wrote:
Please can you share any command for due diligence whether ip is resolved to ipv6?


This:

psql -d postgres -U postgres -p 5432 -h localhost

where I'm pretty sure

/etc/hosts

is resolving localhost --> ::1


On Wed, Nov 22, 2023 at 11:25 PM Andreas Kretschmer <andreas@xxxxxxxxxxxxxxx> wrote:


Am 22.11.23 um 18:44 schrieb Atul Kumar:
> I am giving this command
> psql -d postgres -U postgres -p 5432 -h localhost
> Then only I get that error.

so localhost resolved to an IPv6 - address ...

>
> but when I pass ip or hostname of the local server then I don't get
> such error message
> 1. psql -d postgres -U postgres -p 5432 -h <ip of local server>
> 2. psql -d postgres -U postgres -p 5432 -h <hostname of local server>

resolves to an IPv4 - address. You can see the difference?

localhost != ipv4-address != hostname with ipv4 address

Andreas

>
>
> I don't get that error while using the above two commands.
>
>
> Regards.
>
>
> On Wed, Nov 22, 2023 at 10:45 PM Adrian Klaver
> <adrian.klaver@xxxxxxxxxxx> wrote:
>
>     On 11/22/23 09:03, Atul Kumar wrote:
>     > The entries that I changed were to replace the md5 with
>     scram-sha-256
>     > and remove unnecessary remote IPs.
>
>     FYI from:
>
>     https://www.postgresql.org/docs/current/auth-password.html
>
>     md5
>
>          The method md5 uses a custom less secure challenge-response
>     mechanism. It prevents password sniffing and avoids storing
>     passwords on
>     the server in plain text but provides no protection if an attacker
>     manages to steal the password hash from the server. Also, the MD5
>     hash
>     algorithm is nowadays no longer considered secure against determined
>     attacks.
>
>          The md5 method cannot be used with the db_user_namespace feature.
>
>          To ease transition from the md5 method to the newer SCRAM
>     method,
>     if md5 is specified as a method in pg_hba.conf but the user's
>     password
>     on the server is encrypted for SCRAM (see below), then SCRAM-based
>     authentication will automatically be chosen instead.
>
>     >
>     > But it has nothing to do with connecting the server locally with
>     "psql
>     > -d postgres -U postgres -h localhost"
>
>     The error:
>
>     no pg_hba.conf entry for host "::1", user "postgres", database
>     "postgres
>
>
>     says it does and the error is correct as you do not have an IPv6
>     entry
>     for localhost in pg_hba.conf. At least in the snippet you showed us.
>
>
>     >
>     > But when I try to connect it locally I get this error. So it is
>     related
>
>     When you say connect locally do you mean to localhost or to
>     local(socket)?
>
>     > to local connections only and when I pass the hostname or ip of the
>     > server it works fine without any issue.
>     >
>     >
>     > Regards.
>     >
>
>     --
>     Adrian Klaver
>     adrian.klaver@xxxxxxxxxxx
>

--
Andreas Kretschmer - currently still (garden leave)
Technical Account Manager (TAM)
www.enterprisedb.com
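
The check discussed in this thread, as an added example that is not part of any poster's message: it lists the addresses the local resolver returns for `localhost` and evaluates each one against pg_hba.conf `host` rules in first-match order. The sample file contents and the helper names (`parse_hba`, `first_match`, `resolved_addresses`) are constructed for illustration, and only CIDR or `all` addresses with plain or `all` database and user fields are handled.

```python
import ipaddress
import socket

# Constructed sample: IPv4-only host rules, the situation described in the thread.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  scram-sha-256
host    all       all   127.0.0.1/32   scram-sha-256
host    all       all   192.0.2.10/32  scram-sha-256
"""

def parse_hba(text):
    """Return (databases, users, network, method) for host* lines using CIDR or 'all'."""
    rules = []
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) < 5 or not f[0].startswith("host"):
            continue  # skips comments, blank lines and 'local' (socket) rules
        if f[3] != "all" and "/" not in f[3]:
            continue  # hostnames, samehost/samenet, IP + mask form: not handled here
        try:
            net = None if f[3] == "all" else ipaddress.ip_network(f[3], strict=False)
        except ValueError:
            continue
        rules.append((f[1].split(","), f[2].split(","), net, f[4]))
    return rules

def first_match(rules, client, database, user):
    """Return the auth method of the first matching rule, or None if nothing matches."""
    addr = ipaddress.ip_address(client)
    for dbs, users, net, method in rules:
        if "all" not in dbs and database not in dbs:
            continue
        if "all" not in users and user not in users:
            continue
        # An IPv4 rule never matches an IPv6 client, and vice versa.
        if net is None or (addr.version == net.version and addr in net):
            return method
    return None

def resolved_addresses(host, port=5432):
    """Addresses the local resolver returns for host, in resolver order."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

if __name__ == "__main__":
    rules = parse_hba(SAMPLE_HBA)
    for ip in resolved_addresses("localhost"):
        print(ip, "->", first_match(rules, ip, "postgres", "postgres") or "no pg_hba.conf entry")
```

With the constructed IPv4-only rules, a client address of `::1` has no matching entry, while adding a `host all all ::1/128 scram-sha-256` line gives it one.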



