Skip site navigation (1) Skip section navigation (2)

Re: [HACKERS] pg_hba.conf: 'trust' vs. 'md5' Issues

From: "Woody Woodring" <george(dot)woodring(at)iglass(dot)net>
To: "'Jeanna Geier'" <jgeier(at)apt-cafm(dot)com>
Cc: <pgsql-hackers(at)postgresql(dot)org>, <pgsql-admin(at)postgresql(dot)org>
Subject: Re: [HACKERS] pg_hba.conf: 'trust' vs. 'md5' Issues
Date: 2006-09-26 17:55:08
Message-ID: 011c01c6e194$e79440a0$80b1a8c0@istructure.com (view raw or flat)
Thread:
Lists: pgsql-adminpgsql-hackers
 
I have run into the issue with our linux boxes connecting with the JDBC
driver.  Lucky for us our connections already go over encrypted VPN
connections so I could get by with the following in my pg_hba.conf

hostssl all     all     192.168.176.0   255.255.255.0     md5
host    all     all     192.168.176.2   255.255.255.255   md5
host    all     all     192.168.176.9   255.255.255.255   md5
host    all     all     192.168.176.21   255.255.255.255   md5
host    all     all     192.168.176.22   255.255.255.255   md5

This will select the SSL connection first and then fall back to the non-ssl
which are restricted to our tomcat web servers.

This work around was set up in 7.4 of postgres.  We are currently upgrading
to 8.1, but I have not had a chance to revisit the SSL with JDBC yet.

Woody
IGLASS Networks

-----Original Message-----
From: pgsql-hackers-owner(at)postgresql(dot)org
[mailto:pgsql-hackers-owner(at)postgresql(dot)org] On Behalf Of Jeanna Geier
Sent: Tuesday, September 26, 2006 1:24 PM
To: Jeff Frost
Cc: "Tom Lane"; pgsql-admin(at)postgresql(dot)org; pgsql-hackers(at)postgresql(dot)org
Subject: Re: [HACKERS] [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues 

Searched again for 'pgpass' and for the 'Application Data' directory with no
luck...

And, tell me it ain't so "you don't have to build the windows version from
source to use SSL" -- I had two seperate posters tell me that I did and I
wrestled with it for a bit...for nothing??  Ah, live and learn! :o)  I don't
think I'll consider myself a 'newbie' after this project is done. :o)

----- Original Message -----
From: "Jeff Frost" <jeff(at)frostconsultingllc(dot)com>
To: "Jeanna Geier" <jgeier(at)apt-cafm(dot)com>
Cc: ""Tom Lane"" <tgl(at)sss(dot)pgh(dot)pa(dot)us>; <pgsql-admin(at)postgresql(dot)org>;
<pgsql-hackers(at)postgresql(dot)org>
Sent: Tuesday, September 26, 2006 12:16 PM
Subject: Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues


> On Tue, 26 Sep 2006, Jeanna Geier wrote:
>
>> Any thoughts??  Like I said previously, I did build this on Windows 
>> from source so we could use the SSL option.....could I have missed 
>> something when I was doing that? (It was my first time and I was 
>> following instructions from the INSTALL docs)
>
>
> Jeanna, see my earlier email regarding all the different variations 
> and also where to find your pgpass file on windows.  But, please note, 
> you don't have to build the windows version from source to use SSL.  
> The two binary versions I was using for testing both worked fine with SSL.
> 


---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
       choose an index scan if your joining column's datatypes do not
       match


In response to

pgsql-hackers by date

Next:From: Tom LaneDate: 2006-09-26 18:18:59
Subject: Sane error messages for SSL retry cases
Previous:From: Jeanna GeierDate: 2006-09-26 17:51:06
Subject: Re: pg_hba.conf: 'trust' vs. 'md5' Issues

pgsql-admin by date

Next:From: Gregory S. WilliamsonDate: 2006-09-26 21:54:20
Subject: Runtime error: could not open segment 1 of relation ...
Previous:From: Jeanna GeierDate: 2006-09-26 17:51:06
Subject: Re: pg_hba.conf: 'trust' vs. 'md5' Issues

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group