Re: pg_hba.conf change in 7.4

Hi Bruce,

I wonder if there is any recommendation to this ?
Is there a way to configure PostgreSQL to not use
IPv6 ?

We are also wonder if there is a version of Ident server
that the PostgreSQL community knows that will work
with IPv6.

Thanks.

Gan

At 11:37 am -0600 2003/11/20, Seum-Lim Gan wrote:
>Hi Bruce,
>
>We are using Sun Solaris 9 on Sparc. uname -a :
>
>SunOS test01 5.9 Generic_112233-04 sun4u sparc SUNW,Ultra-80
>
>Gan
>
>At 12:29 pm -0500 2003/11/20, Bruce Momjian wrote:
>>I think what happens is that when we listen on IPv4 and IPv6, that all
>>connections get IPv6. What OS are you using?
>>
>>---------------------------------------------------------------------------
>>
>>Seum-Lim Gan wrote:
>>> Hi Bruce,
>>>
>>> Thanks for the info.
>>> I captured the netstat output below.
>>>
>>> Looks like there is a bunch of IPv4 being used.
>>>
>>> Any idea how this can be resolved ?
>>>
>>> Thanks.
>>>
>>> Gan
>>>
>>> UDP: IPv6
>>> Local Address Remote Address
>>> State If
>>> --------------------------------- ---------------------------------
>>> ---------- -----
>>> localhost.35847 localhost.35847
>>>Connected
>>>
>>> TCP: IPv4
>>> Local Address Remote Address Swind Send-Q Rwind Recv-Q State
>>> -------------------- -------------------- ----- ------ ----- ------ -------
>>> localhost.32906 localhost.14500 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.14500 localhost.32906 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.32908 localhost.14500 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.14500 localhost.32908 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.32910 localhost.14500 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.14500 localhost.32910 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.32911 localhost.14500 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.14500 localhost.32911 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.32913 localhost.14500 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.14500 localhost.32913 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.32915 localhost.14500 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.14500 localhost.32915 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.32917 localhost.14500 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.14500 localhost.32917 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.32919 localhost.14500 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.14500 localhost.32919 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.32920 localhost.14500 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.14500 localhost.32920 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.32922 localhost.14500 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.14500 localhost.32922 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.32923 localhost.14500 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.14500 localhost.32923 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.32924 localhost.14500 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.14500 localhost.32924 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.32926 localhost.14500 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.14500 localhost.32926 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.32927 localhost.14500 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.14500 localhost.32927 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.33086 localhost.14500 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.14500 localhost.33086 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.33087 localhost.14500 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.14500 localhost.33087 49152 0 49152
>>>0 ESTABLISHED
>> > localhost.50882 localhost.14502 49152 0 49152
>>0 ESTABLISHED
>>> localhost.14502 localhost.50882 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.50883 localhost.14500 49152 0 49152
>>>0 ESTABLISHED
>>> localhost.14500 localhost.50883 49152 0 49152
>>>0 ESTABLISHED
>>>
>>> At 12:11 pm -0500 2003/11/20, Bruce Momjian wrote:
>>> >Seum-Lim Gan wrote:
>>> >> Hi,
>>> >>
>>> >> In 7.4, I noticed there is this ::1 and ffff: (x8 of them)
>>> >> for IPv6.
>>> >>
>>> >> I looked at the documentation and there is nothing that says
>>> >> what the ::1 is for.
>>> >
>>> >The ::1 is a IPv6 shorthand for 127.0.0.1 (localhost).
>>> >
>>> >> Commenting out that line will prevent access to PostgreSQL
>>> >> from psql unless I put trust for that line.
>>> >>
>>> >> This is what I had in 7.3.4:
>>> >> host all all 127.0.0.1 255.255.255.255
>>> > > ident pspmap
>>> >> local all all
>>>password
>>> >> host all all 0.0.0.0 0.0.0.0 reject
>>> >>
>>> >> But in 7.4, it does not work anymore. It seems to want ::1 to
>>>be somewhere.
>>> >> If I change the line with ::1 from trust to ident pspmap, it
>>>complains that
>>> >> the user cannot be found. But it is in the pspmap. Message fromm psql:
>>> >
>>> >Seems you have an OS that makes all connections IPv6, even IPv4 ones.
>>> >That is why we had to have that line in there. Seems ::1 controls your
>>> >local connections on that platform. Some platforms have distinct IPv4
>>> >and IPv6 connections, so we have to include both lines in the file.
>>> >
>>> >> Right now, I have it set to trust to work around.
>>> >> Any idea what to do about this ?
>>> >>
>>> >> host all all 127.0.0.1 255.255.255.255
>>> >> ident pspmap
>>> >> local all all
>>>password
>>> >> host all all 0.0.0.0 0.0.0.0 reject
>>> >> # IPv4-style local connections:
>>> >> #host all all 127.0.0.1
>>>255.255.255.255 trust
>>> >> # IPv6-style local connections:
>>> >> host all all ::1
>>> >> ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff trust
>>> >
>>> >Yea, that's about it. My guess is that nothing is coming in via IPv4 on
>>> >your machine so 127.0.0.1 does nothing. Perhaps netstat will show the
>> > >IP address family used.
>
>--
>+--------------------------------------------------------+
>| Seum-Lim GAN email : slgan(at)lucent(dot)com |
>| Lucent Technologies |
>| 2000 N. Naperville Road, 6B-403F tel : (630)-713-6665 |
>| Naperville, IL 60566, USA. fax : (630)-713-7272 |
>| web : http://inuweb.ih.lucent.com/~slgan |
>+--------------------------------------------------------+

--
+--------------------------------------------------------+
| Seum-Lim GAN email : slgan(at)lucent(dot)com |
| Lucent Technologies |
| 2000 N. Naperville Road, 6B-403F tel : (630)-713-6665 |
| Naperville, IL 60566, USA. fax : (630)-713-7272 |
| web : http://inuweb.ih.lucent.com/~slgan |
+--------------------------------------------------------+