Skip site navigation (1) Skip section navigation (2)

BUG #5763: pg_hba.conf not honored

From: "Kaiting Chen" <kaitocracy(at)gmail(dot)com>
To: pgsql-bugs(at)postgresql(dot)org
Subject: BUG #5763: pg_hba.conf not honored
Date: 2010-11-23 08:34:19
Message-ID: 201011230834.oAN8YJkI016093@wwwmaster.postgresql.org (view raw or flat)
Thread:
Lists: pgsql-bugs
The following bug has been logged online:

Bug reference:      5763
Logged by:          Kaiting Chen
Email address:      kaitocracy(at)gmail(dot)com
PostgreSQL version: 9.0.1
Operating system:   Arch Linux (latest)
Description:        pg_hba.conf not honored
Details: 

### /etc/postgresql/pg_hba.conf: Authentication configuration for
'postgresql'

# Type   Database  User     CIDR-ADDRESS        Method
  local  all       psql                         ident
  host   all       +service 192.168.162.130/32  password
  host   all       all      192.168.162.130/32  gss

### /etc/postgresql/pg_hba.conf: Authentication configuration for
'postgresql'

                           List of roles
     Role name     |            Attributes             | Member of
-------------------+-----------------------------------+-----------
 kaiting.chen      | Superuser, Create role, Create DB | {turtle}
 psql              | Superuser, Create role, Create DB | {}
 service           |                                   | {}
 turtle            |                                   | {}

---

kaiting.chen ~: PGHOST='psql.kiwilight.com' psql
Password:
psql: fe_sendauth: no password supplied

From this pg_hba configuration as the user 'kaiting.chen' is not in role
'service' the second entry in the table should be skipped and he should
authenticate via GSSAPI. However this does not happen.




### /etc/postgresql/pg_hba.conf: Authentication configuration for
'postgresql'

# Type   Database  User     CIDR-ADDRESS        Method
  local  all       psql                         ident
  host   all       +turtle  192.168.162.130/32  gss
  host   all       all      192.168.162.130/32  password

### /etc/postgresql/pg_hba.conf: Authentication configuration for
'postgresql'

                           List of roles
     Role name     |            Attributes             | Member of
-------------------+-----------------------------------+-----------
 kaiting.chen      | Superuser, Create role, Create DB | {}
 psql              | Superuser, Create role, Create DB | {}
 service           |                                   | {}
 turtle            |                                   | {}

---

kaiting.chen ~: PGHOST='psql.kiwilight.com' psql
psql (9.0.1)
Type "help" for help.

kaiting.chen=#

From this pg_hba configuration as the user 'kaiting.chen' is no longer in
the role 'turtle' the second entry in the table should be skipped and he
should authenticate via password. However he is granted access to the
server.

Either I am missing something very obvious or this is completely broken.
--Kaiting.

Responses

pgsql-bugs by date

Next:From: Jon NelsonDate: 2010-11-23 14:37:02
Subject: Re: temporary tables, and lots of 0 byte files
Previous:From: Tom LaneDate: 2010-11-23 04:11:59
Subject: Re: temporary tables, and lots of 0 byte files

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group