| From: | Victor Danilchenko <danilche(at)cs(dot)umass(dot)edu> |
|---|---|
| To: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Help with access control settings in pg_hba.conf -- AAAARGH! |
| Date: | 2005-01-27 15:01:48 |
| Message-ID: | Pine.OSX.4.50.0501270949130.17513-100000@phobos.cs.umass.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Hi,
I am trying to set up a database server with multiple DB
clusters, so that in each cluster a number of users have their own
database each, with passwordless access (we can trust the network
security in our installation). The following is what seems like it
*should* work:
host all all 127.0.0.1 255.255.255.255 password
host sameuser all xxx.xxx.xxx.0 255.255.255.128 ident sameuser
host all @fac xxx.xxx.xxx.0 255.255.255.128 trust
The second line ("host sameuser") is the problem. It doesn't
work -- when tryign to connect, I keep getting error messages:
$ whoami
testuser
$ psql -h db-edlab -p 7666 testuser testuser
psql: FATAL: IDENT authentication failed for user "testuser"
If I replace 'ident sameuser' with 'trust' there, it works fine
-- but then any user can access anyone else's database, providing they
request the same password.
The idea is that each user should be able to access only their
database, only as themselves, without password -- but I can't figure out
what I am doing wrong. Any help? if what I am trying to do is
impossible, is there any other way to achieve such a goal -- i.e.
passwordless access that allows each user to access only their own
database over the network?
BTW, as long as I am writing, a somewhat related question, which
is not nearly as important as the previous one.
I launch multiple postmatser processes, each servicing a
dedicated DB cluster on a dedicated port. The problem is that I only
ever see *one* local UNIX socket (/tmp/.s.PGSQL.<portnumber>) file.
There is a .lock file created corresponding to each server/port combo,
but it looks like each subsequent instance of the postmaster kills the
previous instance's UNIX socket. Is this how it should be -- and if so,
are there any pg_ctl options I can pass in to make it simply not create
the UNIX sockets altogether, so that only network operations are
supported? AT the moment, I am doing admin access though the loopback
device, so it's not a big issue.
--
| Victor Danilchenko | Give a man a match, and he will be warm |
| danilche(at)cs(dot)umass(dot)edu | for a moment; but set him on fire, and |
| CSCF | 5-4231 | he will be warm for the rest of his life. |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Victor Danilchenko | 2005-01-27 15:18:04 | Re: Help with access control settings in pg_hba.conf -- |
| Previous Message | Luis Sousa | 2005-01-27 10:01:27 | Re: Restore postgres database problem |