Skip site navigation (1) Skip section navigation (2)

Re: Pet Peeves?

From: Adrian Klaver <aklaver(at)comcast(dot)net>
To: pgsql-general(at)postgresql(dot)org
Cc: rhubbell <Rhubbell(at)ihubbell(dot)com>
Subject: Re: Pet Peeves?
Date: 2009-01-30 01:53:37
Message-ID: 200901291753.37727.aklaver@comcast.net (view raw or flat)
Thread:
Lists: pgsql-general
On Thursday 29 January 2009 9:19:15 am rhubbell wrote:
> I'm a new user to PostgreSQL so mine's fresh from doing an install
> recently.
>
>
> In /etc/postgresql/8.3/main/pg_hba.conf
>
> # METHOD can be "trust", "reject", "md5", "crypt", "password", "gss",
> "sspi", # "krb5", "ident", "pam" or "ldap".  Note that "password" sends
> passwords # in clear text; "md5" is preferred since it sends encrypted
> passwords.
>
>
> So I chose md5 but it will not work, seems like a basic thing. So I am
> forced to use "trust".  These are the kinds of things that wear down
> busy people trying use the software. Maybe this is a documentation
> enhancement or bug.
>

You realize the authentication is done top to bottom? The first line that 
matches wins :) So if you have a matching "trust" line before your "md5" line 
then it will not use md5.

For a better explanation:

http://www.postgresql.org/docs/8.2/interactive/auth-pg-hba-conf.html

"Each record specifies a connection type, a client IP address range (if relevant 
for the connection type), a database name, a user name, and the authentication 
method to be used for connections matching these parameters. The first record 
with a matching connection type, client address, requested database, and user 
name is used to perform authentication. There is no "fall-through" or "backup": 
if one record is chosen and the authentication fails, subsequent records are 
not considered. If no record matches, access is denied."


-- 
Adrian Klaver
aklaver(at)comcast(dot)net

In response to

pgsql-general by date

Next:From: Jeff FrostDate: 2009-01-30 02:34:04
Subject: Re: Full backup - pg_dumpall sufficient?
Previous:From: Jeff FrostDate: 2009-01-30 01:43:06
Subject: Re: Full backup - pg_dumpall sufficient?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group