Re: pg_hda.conf

From: Oliver Elphick <olly(at)lfix(dot)co(dot)uk>
To: Bo Lorentsen <bl(at)netgroup(dot)dk>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: pg_hda.conf
Date: 2003-11-22 13:41:15
Message-ID: 1069508475.5767.313.camel@linda.lfix.co.uk
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-novice

On Fri, 2003-11-21 at 23:47, Bo Lorentsen wrote:
> On Fri, 2003-11-21 at 23:18, Oliver Elphick wrote:
>
> > Automatic update is now controlled by a debconf question; the default
> > answer is no.
> Ahh, then I just need to know how to turn this on, as I newer have
> altered the debconf data manualy.

As root:
dpkg-reconfigure postgresql

> Btw. I also did get some debconf warnings, but I did not store them
> anywhere (as far as I know). Does it matter that I use your woody
> packages on sarge (regarding debconf) ?

I don't think so.

> > Please show all the uncommented lines. Remember that the *first* match
> > is what governs. If an earlier "ident sameuser" line has matched, your
> > later additions will have no effect.
> Thanks, but I tried to take this in account, but here goes :
>
> # DO NOT DISABLE!
> # If you change this next entry you will need to make sure the postgres user
> # can access the database using some other method. The postgres user needs
> # non-interactive access to all databases during automatic maintenance
> # (see the vacuum command and the /usr/lib/postgresql/bin/do.maintenance
> # script).
> local all postgres trust
> local all all trust
> host all all 127.0.0.1 255.255.255.255 trust
> host all all 0.0.0.0 0.0.0.0 reject

This certainly isn't the distributed file. What you have there should
allow any user to connect on the local machine and change his identity
at will. Is it this file that is giving you trouble? If this file is
giving you ident errors, it cannot be the file the postmaster is using.

The actual file read by the postmaster is in $PGDATA/pg_hba.conf. On
Debian, that should be a symbolic link to /etc/postgresql/pg_hba.conf.
If the link has been broken, no amount of editing the wrong file will
fix things!

> > If the old pg_hba.conf was different, the resulting behaviour would
> > probably be different. What changes were there between the old and the
> > new? (If you had "ident sameuser" in 7.3 (or earlier) you would never
> > have been able to switch identities -- this has not changed between
> > versions.)
> Hmm, no changes was really made, but the old file was overwritten, so I
> made a new one that contained what was needed (or at least what was what
> I hoped for), and it looks like the old one :-)

This is the distributed file:

# DO NOT DISABLE!
# If you change this first entry you will need to make sure the postgres user
# can access the database using some other method. The postgres user needs
# non-interactive access to all databases during automatic maintenance
# (see the vacuum command and the /usr/lib/postgresql/bin/do.maintenance
# script).
#
# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
# Database administrative login by UNIX sockets
local all postgres ident sameuser
#
# All other connections by UNIX sockets
local all all ident sameuser
#
# All IPv4 connections from localhost
host all all 127.0.0.1 255.255.255.255 ident sameuser
#
# All IPv6 localhost connections
host all all ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff ident sameuser
host all all ::ffff:127.0.0.1/128 ident sameuser
#
# reject all other connection attempts
host all all 0.0.0.0 0.0.0.0 reject

To allow "www-data" to connect and change identity to "wiki" you would
need to change "sameuser" to a map name and put an associated entry in
pg_ident.conf. See the manual for details.

--
Oliver Elphick Oliver(dot)Elphick(at)lfix(dot)co(dot)uk
Isle of Wight, UK http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
========================================
"Can two walk together, except they be agreed?"
Amos 3:3

In response to

Responses

Browse pgsql-novice by date

  From Date Subject
Next Message Bruno LEVEQUE 2003-11-22 13:52:55 Re: Environment variables
Previous Message Roy MacGregor Paterson 2003-11-22 12:59:03 Re: Environment variables