Re: pg_hba.conf: 'trust' vs. 'md5' Issues

From: Jeff Frost <jeff(at)frostconsultingllc(dot)com>
To: Jeanna Geier <jgeier(at)apt-cafm(dot)com>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: pg_hba.conf: 'trust' vs. 'md5' Issues
Date: 2006-09-26 15:51:56
Message-ID: Pine.LNX.4.64.0609260849230.32444@discord.home.frostconsultingllc.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin pgsql-hackers

On Tue, 26 Sep 2006, Jeanna Geier wrote:

> Yes, I have ssl=true in postgresql.conf. (password encryption is commented
> out - is that OK?: #password_encryption = true)
>
> Also, yes, server.crt is in the 'data' directory of my postgres server, as is
> server.key.
>
> And, yes, when I am able to start Postgres (when using 'trust' in the
> pg_hba.conf file vs. 'md5'), I do so the 'SSL connection' line:
>
> It's only when I change the connection method to 'md5' that I'm running into
> problems -- then I cannot connect from pgadmin or the command line.
>

I just went through setting up SSL on the windows postgresql server and here
are two other things to check:

Did you restart the postgresql service after making the changes? (I'm not
sure how to issue a reload with the windows version.)

Also, did you make sure that server.crt and server.key are accessible for read
by the account under which the postgresql service is running?

After verifying both of those, I got a working SSL connection under windows:

C:\Program Files\PostgreSQL\8.1\bin>psql -U postgres postgres
Password for user postgres:
Welcome to psql 8.1.4, the PostgreSQL interactive terminal.

Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit

SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)

Warning: Console code page (437) differs from Windows code page (1252)
8-bit characters may not work correctly. See psql reference
page "Notes for Windows users" for details.

postgres=#

--
Jeff Frost, Owner <jeff(at)frostconsultingllc(dot)com>
Frost Consulting, LLC http://www.frostconsultingllc.com/
Phone: 650-780-7908 FAX: 650-649-1954

In response to

Browse pgsql-admin by date

  From Date Subject
Next Message Tom Lane 2006-09-26 15:52:39 Re: pg_hba.conf: 'trust' vs. 'md5' Issues
Previous Message Tom Lane 2006-09-26 15:31:41 Re: Beginner's Question: No pg_hba.conf entry for host...SSL Off

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2006-09-26 15:52:39 Re: pg_hba.conf: 'trust' vs. 'md5' Issues
Previous Message Bruce Momjian 2006-09-26 15:48:10 Re: horo(r)logy test fail on solaris (again and