Search Postgresql Archives

Re: Multiple connections over VPN password fail error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On 9 Feb 2024, at 08:41, Sanjay Minni <sanjay.minni@xxxxxxxxx> wrote:

> while trying to make multiple connects with different role names to a single database over VPN i faced a password error issue when trying to connect a send user
> It seems I had to change this line in pg_hba.conf and it worked:
> 
>    `# IPv4 external connections thru VPN
>     #TYPE   DATABASE  USER   ADDRESS  METHOD 
>     host   all       all      <ip>    trust `        <=(from the earlier scram-sha-256)
> 
> is this the way and is this correct from a security point of view ?

While correctness and security always needs to be evaluated from the specific
needs of an installation, the odds are pretty good that "No" is the correct
answer here.  To quote the documentation on the "trust" setting:

	"Allow the connection unconditionally.  This method allows anyone that
	can connect to the PostgreSQL database server to login as any
	PostgreSQL user they wish, without the need for a password or any other
	authentication."

I would recommend immediately reverting back to the scram-sha-256 setting and
figuring out why you were unable to login.

--
Daniel Gustafsson







[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux