| From: | Tom Allison <tom(at)tacocat(dot)net> |
|---|---|
| To: | Russell Smith <mr-russ(at)pws(dot)com(dot)au> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: pg_hba.conf |
| Date: | 2006-11-20 11:29:22 |
| Message-ID: | 45619192.3010904@tacocat.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Russell Smith wrote:
> Tom Allison wrote:
>> Ran into a mystery that I can't seem to figure out....
>>
>>
>> I want to authenticate using SSL for all external IP addresses that I
>> have in my subnet. I also want to be able to authenticate via non-SSL
>> for localhost (not unix socket).
>>
>> I thought something like this would work:
>>
>> host all all 127.0.0.1/32 md5
>> hostssl all all 192.168.0.1/24 md5
>>
>> But I have a localhost client that can't log in because it keeps
>> trying to authenticate via SSL.
>>
>> What am I doing wrong? It seems simple enough.
> What command are you typing?
>
> #nonssl
> postgres$ psql -h localhost postgres
> #ssl
> postgres$ psql -h 192.168.1.1 postgres
>
psql -h localhost
My "other" client is actually postfix and that's also specified as 'localhost'.
I suppose you are going to tell me that there is a difference here?
I've always assumed you had to use network IP ranges, not DNS like names (albeit
localhost is a special case).
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Russell Smith | 2006-11-20 11:55:40 | Re: pg_hba.conf |
| Previous Message | J. Greg Davidson | 2006-11-20 10:26:44 | Re: User-defined-type in C crashing PostgreSQL server: |