| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | David(dot)Bear(at)asu(dot)edu |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: hba conf ident sameuser not working |
| Date: | 2006-02-16 02:00:41 |
| Message-ID: | 21927.1140055241@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
David Bear <David(dot)Bear(at)asu(dot)edu> writes:
> now, back on teancum that has the tunnel on port 6666, I do this:
> iddwb(at)teancum:~> psql -p 6666 -h localhost -U tlhowell
> psql: FATAL: Ident authentication failed for user "tlhowell"
> iddwb(at)teancum:~> psql -p 6666 -h localhost -U iddwb
> psql: FATAL: Ident authentication failed for user "iddwb"
I'm afraid you're kind of stuck on getting that to work. In the cases
that work, psql is executing on the server side of the ssh connection.
Here, you want it to work on the client side. The problem is that the
Postgres server is going to see that TCP connection as originating from
a server-side sshd daemon process, and so ident is quite properly going
to fail unless the requested database username matches whatever sshd is
running as.
You could possibly get it to work if you could get sshd to run the
daemon subprocess as yourself instead of root ... dunno enough about
ssh to know if that's possible.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jerry Sievers | 2006-02-16 15:36:01 | Dropping of indexes with cached PL query plans |
| Previous Message | David Bear | 2006-02-16 00:36:10 | Re: hba conf ident sameuser not working |