Re: pg_hba.conf change in 7.4

[ Original email attached.]

> I wonder if there is any recommendation to this ?
> Is there a way to configure PostgreSQL to not use
> IPv6 ?

I don't know what you want us to do about it? Your OS is accepting all
connections as IPv6, so you have to control that with IPv6 addresses in
pg_hba.conf.

> We are also wonder if there is a version of Ident server
> that the PostgreSQL community knows that will work
> with IPv6.

That is the big question. I would think Solaris ships with one, but
maybe not. Is 7.4/Solaris/ident not a workable combination? Folks?

---------------------------------------------------------------------------

pgman wrote:
> Seum-Lim Gan wrote:
> > Hi,
> >
> > In 7.4, I noticed there is this ::1 and ffff: (x8 of them)
> > for IPv6.
> >
> > I looked at the documentation and there is nothing that says
> > what the ::1 is for.
>
> The ::1 is a IPv6 shorthand for 127.0.0.1 (localhost).
>
> > Commenting out that line will prevent access to PostgreSQL
> > from psql unless I put trust for that line.
> >
> > This is what I had in 7.3.4:
> > host all all 127.0.0.1 255.255.255.255
> > ident pspmap
> > local all all password
> > host all all 0.0.0.0 0.0.0.0 reject
> >
> > But in 7.4, it does not work anymore. It seems to want ::1 to be somewhere.
> > If I change the line with ::1 from trust to ident pspmap, it complains that
> > the user cannot be found. But it is in the pspmap. Message fromm psql:
>
> Seems you have an OS that makes all connections IPv6, even IPv4 ones.
> That is why we had to have that line in there. Seems ::1 controls your
> local connections on that platform. Some platforms have distinct IPv4
> and IPv6 connections, so we have to include both lines in the file.
>
> > Right now, I have it set to trust to work around.
> > Any idea what to do about this ?
> >
> > host all all 127.0.0.1 255.255.255.255
> > ident pspmap
> > local all all password
> > host all all 0.0.0.0 0.0.0.0 reject
> > # IPv4-style local connections:
> > #host all all 127.0.0.1 255.255.255.255 trust
> > # IPv6-style local connections:
> > host all all ::1
> > ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff trust
>
> Yea, that's about it. My guess is that nothing is coming in via IPv4 on
> your machine so 127.0.0.1 does nothing. Perhaps netstat will show the
> IP address family used.
>
> --
> Bruce Momjian | http://candle.pha.pa.us
> pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
> + If your life is a hard drive, | 13 Roberts Road
> + Christ can be your backup. | Newtown Square, Pennsylvania 19073

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073