Re: Ident authentication fails due to bind error on server (8.4.8)

From: "Marinos Yannikos" <mjy(at)geizhals(dot)at>
To: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: "PostgreSQL Bugs" <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: Ident authentication fails due to bind error on server (8.4.8)
Date: 2011-06-18 02:55:59
Message-ID: op.vw83rlr0khmbxg@klump-pc.ghoffice
Lists: pgsql-bugs
On Fri, 17 Jun 2011 19:51:59 +0200, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> I looked at the glibc source code for getaddrinfo, and it looks like
> they do reliably set sin_port to zero when no service argument is
> provided, despite the above documentation statement.  So that's why it
> works for me.  But still, if you're on a non-Linux platform it seems
> possible that this is the mechanism for what's biting you.

Both client and server are Linux systems here and sin_port is 0 also  
according to debug output I added. I cannot reproduce the problem reliably  
(the users are much better testers it seems), so I'm a bit stuck with my  
best guess being TIME_WAIT issues, perhaps FIN packets getting lost. I've  
set

sysctl -w net.ipv4.tcp_tw_reuse=1

now and will post again if there is any change.

> (BTW, is it really sane to be using ident auth over a "high latency
> connection"?  That would certainly suggest to me that you could be
> getting connections from untrustworthy machines ...)

Both endpoints are properly firewalled (the sane sysadmins say so) and for
this particular connection only one client IP address is allowed by
pg_hba.conf. The reason why we also use ident authentication is to allow
only a few select UIDs on the client host to connect to certain DSNs.

Thanks for all the helpful info!

Regards,
  Marinos
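
The sin_port check discussed in this message, as an added example that is not part of the original post or of PostgreSQL's source: it records the sin_port that getaddrinfo returns when no service argument is given, then zeroes the field explicitly before bind() so the kernel picks an ephemeral port. The function name bind_local_ephemeral and the loopback address are assumptions made for the illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Hypothetical helper: resolve a numeric local address with a NULL service,
 * store the sin_port getaddrinfo left in the result in *resolved_port, and
 * return the port the kernel assigned after bind(), or -1 on failure. */
int bind_local_ephemeral(const char *local_ip, int *resolved_port)
{
    struct addrinfo hints, *res = NULL;
    struct sockaddr_in sa, bound;
    socklen_t len = sizeof(bound);
    int fd, port = -1;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_INET;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST;      /* no DNS lookup, runs offline */
    if (getaddrinfo(local_ip, NULL, &hints, &res) != 0)
        return -1;
    memcpy(&sa, res->ai_addr, sizeof(sa));
    freeaddrinfo(res);
    *resolved_port = ntohs(sa.sin_port);  /* what the resolver left there */
    sa.sin_port = 0;                      /* do not rely on it: force "any port" */

    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -1;
    if (bind(fd, (struct sockaddr *) &sa, sizeof(sa)) == 0 &&
        getsockname(fd, (struct sockaddr *) &bound, &len) == 0)
        port = ntohs(bound.sin_port);
    else
        perror("bind");                   /* reports errors such as EADDRINUSE */
    close(fd);
    return port;
}

int main(void)
{
    int resolved = -1;                    /* 127.0.0.1 is a constructed sample input */
    int port = bind_local_ephemeral("127.0.0.1", &resolved);
    printf("sin_port from getaddrinfo: %d, bound port: %d\n", resolved, port);
    return port > 0 ? 0 : 1;
}
```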
