Skip site navigation (1) Skip section navigation (2)

Re: ident auth postgres 7.4 fedora core 3

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Ian Pilcher <i(dot)pilcher(at)comcast(dot)net>
Cc: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: ident auth postgres 7.4 fedora core 3
Date: 2005-03-07 17:37:30
Message-ID: 3027.1110217050@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-jdbc
Ian Pilcher <i(dot)pilcher(at)comcast(dot)net> writes:
> Since 1.4.2 (I believe), Java uses IPv6 by default.  When a connection
> is made to an IPv4 address, it actually makes an IPv6 connection to an
> "IPv4-mapped address".  So when you request a connection to 127.0.0.1,
> you actually get a connection to ::ffff:127.0.0.1.  PostgreSQL doesn't
> know this, however; it asks the ident daemon, "who's connecting from
> 127.0.0.1?"  The daemon answers "nobody".

I traced through this on my own Fedora Core 3 box (kernel
2.6.10-1.766_FC3), and found that when I do
	psql -l -h ::ffff:127.0.0.1
the remote address given to Postgres by accept() is actually 127.0.0.1
not ::ffff:127.0.0.1.  So the kernel itself is doing the conversion at
some level.  On the psql side, the addresses are in fact shown as
::ffff:127.0.0.1, so the dirty work is being done in the kernel, it's
not that glibc downconverted the address to IPv4 in psql userland before
making the connection request.  In fact, "lsof" shows the connection as
being IPv6 on the psql side and IPv4 on the postmaster side!

Arguably this is a bug, or at least a bad idea, but there's probably not
going to be much interest in changing the kernel behavior in the near
future.  They'll say it would break many more things than it fixes
because of the many non-IPv6-aware programs out there.  And I suppose
they'd be right.

If you can't get any results from telling authd to map the addresses,
you might try connecting to "::1" instead of "::ffff:127.0.0.1".

			regards, tom lane

In response to

pgsql-jdbc by date

Next:From: Ian PilcherDate: 2005-03-07 17:43:02
Subject: Re: ident auth postgres 7.4 fedora core 3
Previous:From: Tom LaneDate: 2005-03-07 16:49:38
Subject: Re: ident auth postgres 7.4 fedora core 3

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group