Re: pg_hba.conf: 'trust' vs. 'md5' Issues

On Tue, 26 Sep 2006, Tom Lane wrote:

> Jeff Frost <jeff(at)frostconsultingllc(dot)com> writes:
>> Interestingly, I receive the same error when I disable SSL on the server:
>
> If SSL is disabled then hostssl lines in pg_hba.conf effectively become
> no-ops --- they can never be matched since no incoming connection will
> be SSL-ified. So that part of it sounds reasonable to me. (Perhaps we
> could log some kind of complaint in this case, though the easy places
> to put in such a message would generate an unacceptably large number of
> repetitions of the message :-()
>
>> But, when I put the trust line back with hostssl, I do not get connected as
>> per her original indication.
>
> Please be clearer about what you mean here --- Jeanna *was* able to
> connect in this case, if I'm not totally confused.

Sorry, Tom. I should have been more clear. I was trying to reproduce her
problem by leaving ssl=off in the postgresql.conf (as if she didn't restart
postgres after the pg_hba.conf change), to see if the hostssl line magically
became a host line. But, she later indicated that she saw the SSL encryption
info in the psql line when she got connected with this method, so that kind of
ruled that out. See my later e-mail where I tried lots of different methods.

I suppose it's also possible there is a host all all 127.0.0.1/32 trust line
later in the pg_hba.conf that it's falling through and hitting, but I think
your .pgpass theory is the best.

--
Jeff 'Frosty' Frost - AFM #996 - Frost Consulting, LLC Racing
http://www.frostconsultingllc.com/ http://www.motonation.com/
http://www.suomy-usa.com/ http://www.motionpro.com/
http://www.motorexusa.com/ http://www.lockhartphillipsusa.com/
http://www.zoomzoomtrackdays.com/ http://www.braking.com/