On Thu, 27 Jan 2005, Victor Danilchenko wrote:
> I am trying to set up a database server with multiple DB
>clusters, so that in each cluster a number of users have their own
>database each, with passwordless access (we can trust the network
>security in our installation). The following is what seems like it
>host all all 127.0.0.1 255.255.255.255 password
>host sameuser all xxx.xxx.xxx.0 255.255.255.128 ident sameuser
>host all @fac xxx.xxx.xxx.0 255.255.255.128 trust
> The second line ("host sameuser") is the problem. It doesn't
>work -- when trying to connect, I keep getting error messages:
>$ psql -h db-edlab -p 7666 testuser testuser
>psql: FATAL: IDENT authentication failed for user "testuser"
I forgot to mention that yes, I do have an identd daemon running on
the connecting system -- from the RHL pidentd RPM.
> If I replace 'ident sameuser' with 'trust' there, it works fine
>-- but then any user can access anyone else's database, providing they
>request the same password.
> The idea is that each user should be able to access only their
>database, only as themselves, without password -- but I can't figure out
>what I am doing wrong. Any help? If what I am trying to do is
>impossible, is there any other way to achieve such a goal -- i.e.
>passwordless access that allows each user to access only their own
>database over the network?
> BTW, as long as I am writing, a somewhat related question, which
>is not nearly as important as the previous one.
> I launch multiple postmaster processes, each servicing a
>dedicated DB cluster on a dedicated port. The problem is that I only
>ever see *one* local UNIX socket (/tmp/.s.PGSQL.<portnumber>) file.
>There is a .lock file created corresponding to each server/port combo,
>but it looks like each subsequent instance of the postmaster kills the
>previous instance's UNIX socket. Is this how it should be -- and if so,
>are there any pg_ctl options I can pass in to make it simply not create
>the UNIX sockets altogether, so that only network operations are
>supported? At the moment, I am doing admin access through the loopback
>device, so it's not a big issue.
| Victor Danilchenko +------------------------------------+
| danilche(at)cs(dot)umass(dot)edu | I don't have to outrun the bear -- |
| CSCF | 5-4231 | I just have to outrun YOU! |
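
Added example (not part of the original message, and not PostgreSQL's code): with `ident sameuser` the server asks the connecting host's identd, over RFC 1413, which OS user owns the connection, and compares that name with the requested database user. The sketch below parses such replies and applies that comparison; client port 40001 and all reply lines are constructed, and the function names are hypothetical.

```python
# Added example: RFC 1413 (ident) reply parsing plus a "sameuser" comparison.
# All reply lines and port 40001 are constructed samples, not captured output.
from typing import NamedTuple, Optional


class IdentReply(NamedTuple):
    identd_port: int        # port on the host running identd (the psql side)
    asker_port: int         # port on the host asking (the postmaster side)
    user: Optional[str]     # set on USERID replies
    error: Optional[str]    # set on ERROR replies (NO-USER, HIDDEN-USER, ...)


def build_query(psql_port: int, postmaster_port: int) -> bytes:
    """Query line sent to TCP port 113 on the connecting host."""
    return f"{psql_port} , {postmaster_port}\r\n".encode("ascii")


def parse_reply(line: str) -> IdentReply:
    """Parse '<ports> : USERID : <opsys> : <user>' or '<ports> : ERROR : <type>'."""
    fields = line.rstrip("\r\n").split(":", 3)
    ports = fields[0].split(",")
    if len(fields) < 3 or len(ports) != 2:
        raise ValueError(f"malformed ident reply: {line!r}")
    identd_port, asker_port = (int(p.strip()) for p in ports)
    kind = fields[1].strip().upper()
    if kind == "ERROR":
        return IdentReply(identd_port, asker_port, None, ":".join(fields[2:]).strip())
    if kind != "USERID" or len(fields) != 4:
        raise ValueError(f"malformed ident reply: {line!r}")
    # fields[2] is the opsys field (UNIX, OTHER, ...); surrounding blanks
    # on the user name are dropped here.
    return IdentReply(identd_port, asker_port, fields[3].strip(), None)


def sameuser_allows(reply_line: str, requested_user: str) -> bool:
    """True only when identd names exactly the requested database user."""
    reply = parse_reply(reply_line)
    return reply.error is None and reply.user == requested_user


SAMPLES = [
    "40001 , 7666 : USERID : UNIX : testuser",
    "40001 , 7666 : USERID : UNIX : otheruser",
    "40001 , 7666 : USERID : OTHER : [constructed-opaque-token]",
    "40001 , 7666 : ERROR : NO-USER",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:65} -> allow testuser: {sameuser_allows(s, 'testuser')}")
```

Only the first sample passes the comparison for `testuser`; an error reply, a different name, or an opaque token in place of the plain user name all fail it.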