Tom Allison wrote:
Russell Smith wrote:
Tom Allison wrote:
Ran into a mystery that I can't seem to figure out....
I want to authenticate using SSL for all external IP addresses that
I have in my subnet. I also want to be able to authenticate via
non-SSL for localhost (not unix socket).
I thought something like this would work:
host all all 127.0.0.1/32 md5
hostssl all all 192.168.0.1/24 md5
But I have a localhost client that can't log in because it keeps
trying to authenticate via SSL.
What am I doing wrong? It seems simple enough.
What command are you typing?
#nonssl
postgres$ psql -h localhost postgres
#ssl
postgres$ psql -h 192.168.1.1 postgres
psql -h localhost
My "other" client is actually postfix and that's also specified as
'localhost'.
I suppose you are going to tell me that there is a difference here?
I've always assumed you had to use network IP ranges, not DNS like
names (albeit localhost is a special case).
All good, it makes no difference.
try
hostnossl all all 127.0.0.1/32 md5
that should force non ssl for localhost connections, as long as there
are no entries before this one for localhost.
Hope that helps.
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
