Skip site navigation (1) Skip section navigation (2)

Re: authentication

From: tim hall <tech(at)glastonburymusic(dot)org(dot)uk>
To: PostGreSQL <pgsql-novice(at)postgresql(dot)org>
Subject: Re: authentication
Date: 2004-08-24 14:15:04
Message-ID: 200408241515.04771.tech@glastonburymusic.org.uk (view raw or flat)
Thread:
Lists: pgsql-novice
Thanks Tom & Oliver for your swift replies.

Last Tuesday 24 August 2004 07:58, Oliver Elphick was like:
> On Tue, 2004-08-24 at 03:15, tim hall wrote:
> > Hi,
> >
> > I'm using PostgreSQL 7.4.3 on i386-pc-linux-gnu, compiled by GCC
> > i386-linux-gcc (GCC) 3.3.4 (Debian 1:3.3.4-3).
> >
> > I'm fine with most things except I simply don't understand how
> > authentication works - I have RTFM'd and still don't get it. I have no
> > trouble connecting with the Postmaster on my local machine via
> > command-line psql, but I'm not experiencing the same joy with Python or
> > PgAccess, both return similar errors if I specify the Host as
> > 'localhost':
>
> host=localhost uses TCP/IP.  This is not the same as your local setup,
> where host=<empty string>, which uses a Unix socket.  If you specify
> host=<empty string> to pgaccess, it should work like your local
> connection and use a Unix socket (so long as the client is on the same
> machine as the postmaster).  As Tom pointed out, if you use a TCP/IP
> connection, you need an ident server running on the client's machine to
> support IDENT authentication.

Ah right. I switched to trust based authentication so I could COPY my data 
into place on localhost, not ideal in the long term, but it'll do while I 
figure things out. The word 'server' was the missing bit from my 
understanding of IDENT, I'd read the bit in the docs that says 'start the 
server with the -i option' and had got as far as reading 
through /etc/init.d/postgresql in the hope there was something obvious in 
there :-] Perhaps it will make more sense if I look in the right place!

> By the way, you should not use IDENT authentication between machines
> unless you fully trust the administration of the client machines; faking
> ident responses is quite easy to do.

OK, thanks for the warning. I'll get it working the way I want it with my 
local version of apache before I try to deal with external machines. I'm 
going to have to be VERY sure of what I'm doing as my external server (and 
entire LUG) is LAMP oriented and (rightly) rather paranoid security-wise. I 
discover they had some misapprehensions about the sturdiness and maturity of 
PostgreSQL.

Well, I'll continue my studies and hope to do a pypg presentation for my local 
group at some point in the not too distant future. Meeting you (Oliver) at 
Olympia in April helped me decide to stop flirting with LAMP and get on with 
the approach that I feel comfortable with (PostgreSQL + Python).

Your support and work is very much appreciated.

cheers

tim hall

In response to

Responses

pgsql-novice by date

Next:From: Frank BaxDate: 2004-08-24 14:16:38
Subject: Re: MySQL vs PostgreSQL
Previous:From: Marcus Andree S. MagalhaesDate: 2004-08-24 13:56:08
Subject: sharing temporary tables

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group