Ident authentication fails due to bind error on server (8.4.8)

From: "Marinos Yannikos" <mjy(at)geizhals(dot)at>
To: "PostgreSQL Bugs" <pgsql-bugs(at)postgresql(dot)org>
Subject: Ident authentication fails due to bind error on server (8.4.8)
Date: 2011-06-17 09:28:12
Message-ID: op.vw7q9avrkhmbxg@klump-pc
Lists: pgsql-bugs

Hi,

I'm not sure that this is not a configuration or networking issue (so  
apologies if it is), but we seem to be getting rare (a few times/day)  
failures with ident authentication because several clients attempt to do  
it simultaneously over a high-latency connection (capitalized = edited  
IPs/username etc.):

[DB CLIENTADDR(51985) 3173 2011-06-17 10:49:56 CEST] LOG:  could not bind to local address "SERVERADDR": Address already in use
[DB CLIENTADDR(51985) 3173 2011-06-17 10:49:56 CEST] FATAL:  Ident authentication failed for user "USER"
[DB CLIENTADDR(51986) 3183 2011-06-17 10:49:56 CEST] FATAL:  no pg_hba.conf entry for host "CLIENTADDR", user "USER", database "DB", SSL off

On the client side, we had 2 connection attempts, of which 1 failed
(apparently):

Jun 17 10:49:53 xxx oidentd[12377]: Connection from SERVER (SERVERADDR):0
Jun 17 10:49:53 xxx oidentd[12377]: [SERVER] Successful lookup: 51980 , 5432 : crm (crm)

[Fri Jun 17 10:49:53 2011] [error] [client 127.0.0.1] [Fri Jun 17 10:49:53 2011] kv_tpl.pl: DBI connect('dbname=DB;host=SERVER','USER',...) failed: FATAL:  Ident authentication failed for user "USER", referer: URL
[Fri Jun 17 10:49:53 2011] [error] [client 127.0.0.1] [Fri Jun 17 10:49:53 2011] kv_tpl.pl: FATAL:  no pg_hba.conf entry for host "CLIENTADDR", user "USER", database "DB", SSL off at /var/www/crm/kv_tpl.pl line 100, referer: URL

Is this a possible race condition in src/backend/libpq/auth.c?

[note: the client/server clocks are 3 seconds apart at this point; I
haven't investigated whether that causes issues here]

---
     /*
      * Bind to the address which the client originally contacted, otherwise
      * the ident server won't be able to match up the right connection. This
      * is necessary if the PostgreSQL server is running on an IP alias.
      */
     rc = bind(sock_fd, la->ai_addr, la->ai_addrlen);
     if (rc != 0)
     {
         ereport(LOG,
                 (errcode_for_socket_access(),
                  errmsg("could not bind to local address \"%s\": %m",
                         local_addr_s)));
         ident_return = false;
         goto ident_inet_done;
     }
---

Regards,
  Marinos
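
Added example (not part of the original message and not PostgreSQL code): a small Python script that reads server log lines in the prefix layout shown in the report and tags each "Ident authentication failed" entry according to whether the same backend logged a "could not bind to local address" error first. The fourth sample line, the function name and the "bind:"/"other" labels are constructed for illustration.

```python
import re

# Constructed sample: first three lines follow the report (unwrapped),
# the fourth is invented to show an ident failure with no preceding bind error.
SAMPLE_LOG = """\
[DB CLIENTADDR(51985) 3173 2011-06-17 10:49:56 CEST] LOG:  could not bind to local address "SERVERADDR": Address already in use
[DB CLIENTADDR(51985) 3173 2011-06-17 10:49:56 CEST] FATAL:  Ident authentication failed for user "USER"
[DB CLIENTADDR(51986) 3183 2011-06-17 10:49:56 CEST] FATAL:  no pg_hba.conf entry for host "CLIENTADDR", user "USER", database "DB", SSL off
[DB CLIENTADDR(52001) 3190 2011-06-17 10:52:10 CEST] FATAL:  Ident authentication failed for user "USER"
"""

# Prefix layout as seen in the report: [db host(port) pid date time tz] LEVEL:  msg
LINE_RE = re.compile(
    r'^\[(?P<db>\S+) (?P<host>\S+)\((?P<port>\d+)\) (?P<pid>\d+) '
    r'(?P<ts>\S+ \S+) (?P<tz>\S+)\] (?P<level>[A-Z]+):\s+(?P<msg>.*)$')
BIND_RE = re.compile(r'could not bind to local address "[^"]*": (?P<err>.*)')
IDENT_RE = re.compile(r'Ident authentication failed for user "(?P<user>[^"]*)"')


def classify_ident_failures(log_text):
    """Return one record per ident FATAL, tagged with the bind error (if any)
    that the same backend logged earlier during that connection attempt."""
    bind_errors = {}  # (pid, host, port) -> error text from the LOG line
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected prefix layout
        # PIDs are reused over time, so key on the client endpoint as well.
        key = (m['pid'], m['host'], m['port'])
        bind = BIND_RE.search(m['msg'])
        if m['level'] == 'LOG' and bind:
            bind_errors[key] = bind['err']
            continue
        ident = IDENT_RE.search(m['msg'])
        if m['level'] == 'FATAL' and ident:
            cause = 'bind: ' + bind_errors.pop(key) if key in bind_errors else 'other'
            results.append({'pid': int(m['pid']), 'time': m['ts'],
                            'user': ident['user'], 'cause': cause})
    return results


if __name__ == '__main__':
    for rec in classify_ident_failures(SAMPLE_LOG):
        print(rec)
```

Counting the "bind:" records per hour against the "other" records shows how many of the rare ident failures coincide with the local bind error rather than with a reply from the ident server.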
