Re: Too easy to log in as the "postgres" user?

* Thom Brown (thombrown(at)gmail(dot)com) wrote:
> 2009/10/15 A. Kretschmer <andreas(dot)kretschmer(at)schollglas(dot)com>:
> >>
> >> The pg_hba.conf is probably relevant here, so this is the setup:
> >>
> >> # TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
> >>
> >> # "local" is for Unix domain socket connections only
> >> local   all         all                               trust
> >> # IPv4 local connections:
> >> host    all         all         127.0.0.1/32          trust
> >> # IPv6 local connections:
> >> host    all         all         ::1/128               trust
> >
> > Try to change trust to sameuser.
> >
>
> I've made that change, but now PostgreSQL won't start, and outputs the
> following error in the log:
>
> 2009-10-15 11:52:41 BST [18720]: [2-1] CONTEXT: line 74 of
> configuration file "/var/lib/postgresql/8.4/data/pg_hba.conf"
> 2009-10-15 11:52:41 BST [18720]: [3-1] LOG: invalid authentication
> method "sameuser

You need it to be 'ident sameuser', not just 'sameuser'. Also, only do
that for the 'local' line. Comment out the host lines if you don't need
them. If you do need them, change them to something else (eg: md5 if
you want password-based, gssapi if you have a Kerberos or MS/Active
Directory infrastructure, ldap is also an option, etc...).

'local' is used when connecting over a unix socket, eg: psql -d blah
'host' is used when connecting over a network: psql -d blah -h myhost

Stephen

Stephen