-------------- Original message ---------------------- From: "Matthew Pettis" <matthew.pettis@xxxxxxxxx> > So, since I run my CGI under a non-'postgres' user, is that the line > that would govern my authentication, and then fail me? Because I > thought with 'postgres' listed as the 3rd spot, this line would not > apply, and would move on to a different governing rule... Sorry I was being thick. I failed to see the second local line. Yes it should pick either the next local line if no host is specified or the next host line if one is specified. > > On Wed, Aug 20, 2008 at 4:21 PM, Adrian Klaver <aklaver@xxxxxxxxxxx> wrote: > > -------------- Original message ---------------------- > > From: "Matthew Pettis" <matthew.pettis@xxxxxxxxx> > >> would the 'ident sameuser' entry qualify as a 'some non-functional > >> authentication method'? > > > > Yes. Basically you only get one shot at each connection to satisfy the > requirements of a pg_hba line. The lines are read top to bottom, so if you have > restrictive line at the top that your connection cannot satisfy then you are > locked out. As has been mentioned on Linux the default action is to connect via > the local socket in the absence of a host name/ip in the connection string.So in > your case with no host specified the connection would attempt a socket > connection. The first socket line is: > > local all postgres ident sameuser > > > > so you would need to be logged in as the Linux user postgres to make the > connection. > > > >> > >> > >> > >> On Wed, Aug 20, 2008 at 3:48 PM, Adrian Klaver <aklaver@xxxxxxxxxxx> wrote: > >> > > >> > -------------- Original message ---------------------- > >> > From: aklaver@xxxxxxxxxxx (Adrian Klaver) > >> >> -------------- Original message ---------------------- > >> >> From: "Matthew Pettis" <matthew.pettis@xxxxxxxxx> > >> >> > SOLVED. > >> >> > > >> >> > Yep, Restart was done. > >> >> > > >> >> > The issue turned out not to be with Postgresql config, but the app > >> >> > config. In the app, I define a connection string, which has user, > >> >> > password, and databasename. When I had this same configuration on > >> >> > WinXP, I did not need to specify a fourth parameter, the host, which > >> >> > explicitly told the app to use host=localhost. When I added the host > >> >> > param to the connection string, it all went through. > >> >> > > >> >> > On the bright side, I learned a lot about how to restart the service > >> >> > and the config files... > >> >> > > >> >> > Curious: Any ideas why I can leave the host off my connection string > >> >> > in WinXP, but not Linux? It it an idiosyncracy of my app, or of > >> >> > PostgreSQL? > >> >> > > >> >> > Thanks for all the help, > >> >> > Matt > >> >> > > >> >> Is the Linux app running on the Postgres server machine? > >> >> If so I hazard a guess that you have a line like: > >> >> > >> >> local all all trust > >> > > >> > Should have been: > >> > > >> > local all all some non-functional > >> authentication method > >> > > >> > this would cause the connection to the socket to fail assuming the > >> authentication method selected did not work. > >> > > >> >> > >> >> before your host line in pg_hba. > >> >> > >> >> The app connecting from the same machine would try the local socket > (local) > >> >> before the localhost(tcp/ip), unless localhost was specified in the > >> connection > >> >> string. > >> >> > >> >> > >> >> > >> >> -- > >> >> Adrian Klaver > >> >> aklaver@xxxxxxxxxxx > >> >> > >> >> > >> >> > > > > > > > > -- > > Adrian Klaver > > aklaver@xxxxxxxxxxx > > > > -- Adrian Klaver aklaver@xxxxxxxxxxx
