Re: [ADMIN] pg_hba.conf is driving me nuts

[olivier boissard]

Peter Eisentraut a écrit :

Julio Leyva wrote:
  

also make sure you started postgesql with -i option, so you can connect
from the lan



He said he had set listen_addresses to '*', which is equivalent.

  

to allow every one :

hostall all 0.0.0.0   0.0.0.0 trust


and set in postgresql.conf :
log_connections = on
to look if connections are opened

Are you running from a linux server ?
Sometimes we must look at /etc/hosts.deny and /etc/hosts.allow to make 
sure remote hosts are not rejected.


maybe you can use nmap to see if port is open .


Olivier

---(end of broadcast)---
TIP 7: You can help support the PostgreSQL project by donating at

   http://www.postgresql.org/about/donate

Re: [ADMIN] pg_hba.conf is driving me nuts

[Usama Dar]

> Now, I have set up all the appropriate port forwarding, made sure that
> there
> are no problems with firewalls on the server.


Just to make sure there really is no issue with firewall did you try
something like telnet on postgres host and port , like telnet
buggy.pg.net5432, you should get something like

telnet buggy.pg.net 5432
Trying buggy.pg.net...
Connected to buggy.pg.net.unknowndomain (some ip)
Escape character is '^]'.

i mean inorder for you to be able to directly connect to the postgres  over
WAN, you will need to open the postgres port  and you should be able to
remotely access it, just like you would open ports for ssh and ftp and other
utilities.


> I am fairly sure this is a result of a problem with pf_hba.conf.Can anyone
> advise how to configure pg_hba.conf to permit connections from any subnet
> and ip?


If there is no issue with firewall and the port is open the following should
do it

hostall all 0.0.0.0/0 trust

if you want to avoid opening the port for security reasons use ssh
tunneling, or port forwarding something like following

ssh -L 2525:localhost:5432 [EMAIL PROTECTED]

this will map the local 2525 port onto the remote hosts 5432 port, now you
can simply connect to the postgres like a local instance

psql -h localhost -p 2525 -U postgres




-- 
Usama Munir Dar http://linkedin.com/in/usamadar
Consultant Architect
Cell:+92 321 5020666
Skype: usamadar

Re: [ADMIN] pg_hba.conf is driving me nuts

[Peter Eisentraut]

Julio Leyva wrote:
> also make sure you started postgesql with -i option, so you can connect
> from the lan

He said he had set listen_addresses to '*', which is equivalent.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/

---(end of broadcast)---
TIP 7: You can help support the PostgreSQL project by donating at

http://www.postgresql.org/about/donate

Re: [ADMIN] pg_hba.conf is driving me nuts

[Julio Leyva]

also make sure you started postgesql with -i option, so you can connect from 
the lan

Julioc.

> From: [EMAIL PROTECTED]
> To: pgsql-admin@postgresql.org
> Subject: Re: [ADMIN] pg_hba.conf is driving me nuts
> Date: Sat, 15 Dec 2007 13:39:44 +0200
> 
> Hi..yes, I have set the "listen_addresses" to "*"...rather an obvious first
> stop...As I said - I have no problems connecting locally, or on a LAN - no
> sweat at all. Simply cannot get the connection to work from another network
> over a WAN. I believe the problem stems from my not setting pg_hba.conf
> correctly, but I would love to test this!
> This is my pg_hba.conf file from my developement box:
> 
> # TYPE DATABASE USER CIDR-ADDRESS METHOD
> # IPv4 local connections:
> host all all 127.0.0.1/32 md5
> # IPv6 local connections:
> host all all 10.0.0.0/24 md5
> host all all 0.0.0.0 0.0.0.0 md5
> 
> At one stage, I even looked up the source ip address reported by aports when
> I was logged onto the machine remotely..even that address did not work. So I
> figure there is a problem with the subnet mask (don't realy understand the
> address masks all that well - I am a programmer, not a network tekkie, so it
> is kind of new territory for me). What I was wondering is if there was some
> way to allow any host to connect, regardless of ip and subnet which was the
> behaviour I expected from the 0.0.0.0 0.0.0.0 setting - of course it did
> absolutely nothing.
> 
> 
> ---(end of broadcast)---
> TIP 3: Have you checked our extensive FAQ?
> 
>http://www.postgresql.org/docs/faq

---(end of broadcast)---
TIP 2: Don't 'kill -9' the postmaster

Re: [ADMIN] pg_hba.conf is driving me nuts

[Tino Schwarze]

On Sat, Dec 15, 2007 at 01:39:44PM +0200, Klay Martens wrote:

> Hi..yes, I have set the "listen_addresses" to "*"...rather an obvious first
> stop...As I said - I have no problems connecting locally, or on a LAN - no
> sweat at all. Simply cannot get the connection to work from another network
> over a WAN. I believe the problem stems from my not setting pg_hba.conf
> correctly, but I would love to test this!
> This is my pg_hba.conf file from my developement box:
> 
> # TYPE DATABASE USER CIDR-ADDRESS METHOD
> # IPv4 local connections:
> host all all 127.0.0.1/32 md5
> # IPv6 local connections:
> host all all 10.0.0.0/24 md5
> host all all 0.0.0.0 0.0.0.0 md5
> 
> At one stage, I even looked up the source ip address reported by aports when
> I was logged onto the machine remotely..even that address did not work. So I
> figure there is a problem with the subnet mask (don't realy understand the
> address masks all that well - I am a programmer, not a network tekkie, so it
> is kind of new territory for me). What I was wondering is if there was some
> way to allow any host to connect, regardless of ip and subnet which was the
> behaviour I expected from the 0.0.0.0 0.0.0.0 setting - of course it did
> absolutely nothing.

What does the logfile say? Does PostgreSQL get a connection at all? It
should list the IP of the connecting host and a reason.

Netmasks in short (and incomplete): IPv4 address is 32bit
(0.0.0.0-255.255.255.255), netmask says how many bits neet to match,
counted from left. E.g. netmask /8 says: first 8 bits have to match,
that is, first number must be equal. /16 says: first 16 bits have to
match - first and second number must be equal. /32 means: IP has to
match.

HTH,

Tino.

-- 
www.craniosacralzentrum.de
www.lebensraum11.de
www.spiritualdesign-chemnitz.de

Tino Schwarze * Parkstraße 17h * 09120 Chemnitz

---(end of broadcast)---
TIP 2: Don't 'kill -9' the postmaster

Re: [ADMIN] pg_hba.conf is driving me nuts

[Klay Martens]

Hi..yes, I have set the "listen_addresses" to "*"...rather an obvious first
stop...As I said - I have no problems connecting locally, or on a LAN - no
sweat at all. Simply cannot get the connection to work from another network
over a WAN. I believe the problem stems from my not setting pg_hba.conf
correctly, but I would love to test this!
This is my pg_hba.conf file from my developement box:

# TYPE DATABASE USER CIDR-ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all 10.0.0.0/24 md5
host all all 0.0.0.0 0.0.0.0 md5

At one stage, I even looked up the source ip address reported by aports when
I was logged onto the machine remotely..even that address did not work. So I
figure there is a problem with the subnet mask (don't realy understand the
address masks all that well - I am a programmer, not a network tekkie, so it
is kind of new territory for me). What I was wondering is if there was some
way to allow any host to connect, regardless of ip and subnet which was the
behaviour I expected from the 0.0.0.0 0.0.0.0 setting - of course it did
absolutely nothing.


---(end of broadcast)---
TIP 3: Have you checked our extensive FAQ?

   http://www.postgresql.org/docs/faq

Re: [ADMIN] pg_hba.conf is driving me nuts

[Harald Fuchs]

In article <[EMAIL PROTECTED]>,
"Klay Martens" <[EMAIL PROTECTED]> writes:
 
> I have had a postgresql server up and running smoothly for 1.5 years now -
> no problems at all..but:
> I now need to be able to administer the server remotely, as well as allow
> remote logins from a WAN. 

Did you set the appropriate listen_addresses in postgresql.conf?


---(end of broadcast)---
TIP 2: Don't 'kill -9' the postmaster

Re: [ADMIN] pg_hba.conf is driving me nuts

[Tino Schwarze]

Hi Klay,

On Sat, Dec 15, 2007 at 11:11:53AM +0200, Klay Martens wrote:

> I was not quite sure if this is the right forum for this question (if it
> aint.oh well).
>  
> I have had a postgresql server up and running smoothly for 1.5 years now -
> no problems at all..but:
> I now need to be able to administer the server remotely, as well as allow
> remote logins from a WAN. 
> Now, I have set up all the appropriate port forwarding, made sure that there
> are no problems with firewalls on the server.but the dratted thing will not
> allow any connections from a remote pgAdmin.
> I am fairly sure this is a result of a problem with pf_hba.conf.Can anyone
> advise how to configure pg_hba.conf to permit connections from any subnet
> and ip? I know this is not really a good idea, but if the connection works,
> at least then I know where the problem is! As it is, I cannot be sure
> exactly where the connection failure is. Very annoying!

What is the exact error message when you try to connect? As stated on
top of pg_hba.conf, you may permit whole subnets access like this:

hostall all 192.168.xxx.0/24trust

Note: This is dangerous, replace "trust" by a method of your choice! But
it's good for testing.

Bye,

Tino.

-- 
www.craniosacralzentrum.de
www.lebensraum11.de
www.spiritualdesign-chemnitz.de

Tino Schwarze * Parkstraße 17h * 09120 Chemnitz

---(end of broadcast)---
TIP 7: You can help support the PostgreSQL project by donating at

http://www.postgresql.org/about/donate

Re: [ADMIN] pg_hba.conf issue

[Jayakumar_Mukundaraju]

Dear Vishal,

Its working fine...Thanks lot...

Thanks & Regards
Jayakumar M


-Original Message-
From: Vishal Arora [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 03, 2007 2:12 PM
To: Jayakumar_Mukundaraju
Subject: Re: [ADMIN] pg_hba.conf issue


Is it working now?

>From: "Jayakumar_Mukundaraju" <[EMAIL PROTECTED]>
>To: "Vishal Arora" <[EMAIL PROTECTED]>, 
>
>Subject: Re: [ADMIN] pg_hba.conf issue
>Date: Tue, 3 Jul 2007 13:04:02 +0530
>
>Hi Vishal,
>
>Thanks for the guidline.. I changed in pg_hba.conf as
172.16.85.243/32... I 
>created one superuser as postgres, I am using that user id only.
>
>Thanks & Regards
>Jayakumar M
>
>
>-Original Message-
>From: Vishal Arora [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, July 03, 2007 12:57 PM
>To: Jayakumar_Mukundaraju
>Subject: Re: [ADMIN] pg_hba.conf issue
>
>One more thing I forgot to ask do you have root as the database user in

>your
>server?
>
>- Vishal
>
>
> >From: "Jayakumar_Mukundaraju" <[EMAIL PROTECTED]>
> >To: "Vishal Arora" <[EMAIL PROTECTED]>,
> >
> >Subject: Re: [ADMIN] pg_hba.conf issue
> >Date: Tue, 3 Jul 2007 12:38:38 +0530
> >
> >Hi friends,
> >
> >I herewith paste my pg_hba.conf file for your reference. This is in
> >172.16.84.76 system(Server box)
> >
> >Type Database User   IP-Address  Method
> >
> >host all all 127.0.0.1/32md5
> >host all all 172.16.84.239/32trust
> >host all all 172.16.84.240/32md5
> >host all all 172.16.84.76/32 md5
> >host all all 172.26.2.20/32  md5
> >host all all 172.16.82.243/32md5
> >
> >Thanks & Regards
> >Jayakumar M
> >
> >
> >-Original Message-
> >From: Vishal Arora [mailto:[EMAIL PROTECTED]
> >Sent: Tuesday, July 03, 2007 12:25 PM
> >To: Jayakumar_Mukundaraju
> >Subject: Re: [ADMIN] pg_hba.conf issue
> >
> >
> >Can you send me your pg_hba.conf file?
> >
> > >From: "Jayakumar_Mukundaraju" <[EMAIL PROTECTED]>
> > >To: "Vishal Arora" <[EMAIL PROTECTED]>,
> > >
> > >Subject: Re: [ADMIN] pg_hba.conf issue
> > >Date: Tue, 3 Jul 2007 10:29:19 +0530
> > >
> > >Hi friends,
> > >
> > >Yes,In 172.16.84.76 system in pg_hba.conf I added 172.16.85.243 ip
> > >address. Kindly give me explain of IPv4 block...
> > >
> > >Thanks & Regards
> > >Jayakumar M
> > >
> > >
> > >-Original Message-
> > >From: Vishal Arora [mailto:[EMAIL PROTECTED]
> > >Sent: Tuesday, July 03, 2007 9:52 AM
> > >To: Jayakumar_Mukundaraju; pgsql-admin@postgresql.org
> > >Subject: RE: [ADMIN] pg_hba.conf issue
> > >
> > >
> > >
> > >
> > > >From: "Jayakumar_Mukundaraju" <[EMAIL PROTECTED]>
> > > >To: 
> > > >Subject: [ADMIN] pg_hba.conf issue
> > > >Date: Mon, 2 Jul 2007 19:21:36 +0530
> > > >
> > > >Hi friends,
> > > >
> > > >I am Jayakumar and  new to PostgreSQL world. I am using
PostgreSQL
> > >8.1.3
> > > >in Windows 2000 machine.
> > > >
> > > >My problem is, I am unable to connect to PostgreSQL server from
> >another
> > > >machine's psql client.
> > > >
> > > >My system IP is 172.16.84.76, and client machine IP is
172.16.85.243.
> > > >
> > > >I can connect to the PostgreSQL server with " psql -Uroot
> > > >-h172.16.84.76"
> > > >from same system(172.16.84.76)
> > > >
> > > >If I give the above command from 172.16.85.243, results
> > > >
> > > >D:\\Program Files\PostgreSQL\8.1\bin>psql -Uroot - h172.16.84.76
> > > >psql: could not connect to server: Connection refused
> > >(0x274D/10061)
> > > > Is the server running on host "172.16.84.76" and
accepting
> > > > TCP/IP connections on port 5432?
> > > >
> > > >I don't know how to do this in windows.
> > > >
> > > >
> > > >here pg_hba.conf entries follows
> > > >*
> > > >hostall all 172.16.84.76/32 md5
> > > >hostall all 172.16.85.243/32md5
> > > >
> > >
>

Re: [ADMIN] pg_hba.conf issue

[Jayakumar_Mukundaraju]

Hi Vishal,

Thanks for the guidline.. I changed in pg_hba.conf as 172.16.85.243/32... I 
created one superuser as postgres, I am using that user id only.

Thanks & Regards
Jayakumar M


-Original Message-
From: Vishal Arora [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 03, 2007 12:57 PM
To: Jayakumar_Mukundaraju
Subject: Re: [ADMIN] pg_hba.conf issue

One more thing I forgot to ask do you have root as the database user in your 
server?

- Vishal


>From: "Jayakumar_Mukundaraju" <[EMAIL PROTECTED]>
>To: "Vishal Arora" <[EMAIL PROTECTED]>, 
>
>Subject: Re: [ADMIN] pg_hba.conf issue
>Date: Tue, 3 Jul 2007 12:38:38 +0530
>
>Hi friends,
>
>I herewith paste my pg_hba.conf file for your reference. This is in
>172.16.84.76 system(Server box)
>
>Type   Database User   IP-Address  Method
>
>host   all all 127.0.0.1/32md5
>host   all all 172.16.84.239/32trust
>host   all all 172.16.84.240/32md5
>host   all all 172.16.84.76/32 md5
>host   all all 172.26.2.20/32  md5
>host   all all 172.16.82.243/32md5
>
>Thanks & Regards
>Jayakumar M
>
>
>-Original Message-
>From: Vishal Arora [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, July 03, 2007 12:25 PM
>To: Jayakumar_Mukundaraju
>Subject: Re: [ADMIN] pg_hba.conf issue
>
>
>Can you send me your pg_hba.conf file?
>
> >From: "Jayakumar_Mukundaraju" <[EMAIL PROTECTED]>
> >To: "Vishal Arora" <[EMAIL PROTECTED]>,
> >
> >Subject: Re: [ADMIN] pg_hba.conf issue
> >Date: Tue, 3 Jul 2007 10:29:19 +0530
> >
> >Hi friends,
> >
> >Yes,In 172.16.84.76 system in pg_hba.conf I added 172.16.85.243 ip
> >address. Kindly give me explain of IPv4 block...
> >
> >Thanks & Regards
> >Jayakumar M
> >
> >
> >-Original Message-
> >From: Vishal Arora [mailto:[EMAIL PROTECTED]
> >Sent: Tuesday, July 03, 2007 9:52 AM
> >To: Jayakumar_Mukundaraju; pgsql-admin@postgresql.org
> >Subject: RE: [ADMIN] pg_hba.conf issue
> >
> >
> >
> >
> > >From: "Jayakumar_Mukundaraju" <[EMAIL PROTECTED]>
> > >To: 
> > >Subject: [ADMIN] pg_hba.conf issue
> > >Date: Mon, 2 Jul 2007 19:21:36 +0530
> > >
> > >Hi friends,
> > >
> > >I am Jayakumar and  new to PostgreSQL world. I am using PostgreSQL
> >8.1.3
> > >in Windows 2000 machine.
> > >
> > >My problem is, I am unable to connect to PostgreSQL server from
>another
> > >machine's psql client.
> > >
> > >My system IP is 172.16.84.76, and client machine IP is 172.16.85.243.
> > >
> > >I can connect to the PostgreSQL server with " psql -Uroot
> > >-h172.16.84.76"
> > >from same system(172.16.84.76)
> > >
> > >If I give the above command from 172.16.85.243, results
> > >
> > >D:\\Program Files\PostgreSQL\8.1\bin>psql -Uroot - h172.16.84.76
> > >psql: could not connect to server: Connection refused
> >(0x274D/10061)
> > > Is the server running on host "172.16.84.76" and accepting
> > > TCP/IP connections on port 5432?
> > >
> > >I don't know how to do this in windows.
> > >
> > >
> > >here pg_hba.conf entries follows
> > >*
> > >hostall all 172.16.84.76/32 md5
> > >hostall all 172.16.85.243/32md5
> > >
> >
> >Is this pg_hba.conf file is located at (172.16.84.76)? Further are
>these
> >
> >entries made in IPv4 block?
> >
> >
> > >here postgre.conf entry follows
> > >***
> >
> >#--
> >-
> > >
> > ># CONNECTIONS AND AUTHENTICATION
> >
> >#--
> >-
> > >
> > >
> > ># - Connection Settings -
> > >
> > >listen_addresses = '*'# what IP address(es) to listen on;
> > > # comma-separated list of addresses;
> > > # defaults to 'localhost', '*' = all
> > >port = 5432
> > >max_connections = 100
> > ># note: increasing max_connections costs ~400 bytes of shared memory
> >per
> > ># connection slot, plus lock space (see max

Re: [ADMIN] pg_hba.conf issue

[Vishal Arora]

Where is the entry for client machine with IP 172.16.85.243 ? I can see an 
entry for

hostall all 172.16.82.243/32md5

It should be

hostall all 172.16.85.243/32md5

Please check that.

- Vishal



From: "Jayakumar_Mukundaraju" <[EMAIL PROTECTED]>
To: "Vishal Arora" <[EMAIL PROTECTED]>, 


Subject: Re: [ADMIN] pg_hba.conf issue
Date: Tue, 3 Jul 2007 12:38:38 +0530

Hi friends,

I herewith paste my pg_hba.conf file for your reference. This is in
172.16.84.76 system(Server box)

TypeDatabase User   IP-Address  Method

hostall all 127.0.0.1/32md5
hostall all 172.16.84.239/32trust
hostall all 172.16.84.240/32md5
hostall all 172.16.84.76/32 md5
hostall all 172.26.2.20/32  md5
hostall all 172.16.82.243/32md5

Thanks & Regards
Jayakumar M


-Original Message-
From: Vishal Arora [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 03, 2007 12:25 PM
To: Jayakumar_Mukundaraju
Subject: Re: [ADMIN] pg_hba.conf issue


Can you send me your pg_hba.conf file?

>From: "Jayakumar_Mukundaraju" <[EMAIL PROTECTED]>
>To: "Vishal Arora" <[EMAIL PROTECTED]>,
>
>Subject: Re: [ADMIN] pg_hba.conf issue
>Date: Tue, 3 Jul 2007 10:29:19 +0530
>
>Hi friends,
>
>Yes,In 172.16.84.76 system in pg_hba.conf I added 172.16.85.243 ip
>address. Kindly give me explain of IPv4 block...
>
>Thanks & Regards
>Jayakumar M
>
>
>-Original Message-
>From: Vishal Arora [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, July 03, 2007 9:52 AM
>To: Jayakumar_Mukundaraju; pgsql-admin@postgresql.org
>Subject: RE: [ADMIN] pg_hba.conf issue
>
>
>
>
> >From: "Jayakumar_Mukundaraju" <[EMAIL PROTECTED]>
> >To: 
> >Subject: [ADMIN] pg_hba.conf issue
> >Date: Mon, 2 Jul 2007 19:21:36 +0530
> >
> >Hi friends,
> >
> >I am Jayakumar and  new to PostgreSQL world. I am using PostgreSQL
>8.1.3
> >in Windows 2000 machine.
> >
> >My problem is, I am unable to connect to PostgreSQL server from
another
> >machine's psql client.
> >
> >My system IP is 172.16.84.76, and client machine IP is 172.16.85.243.
> >
> >I can connect to the PostgreSQL server with " psql -Uroot
> >-h172.16.84.76"
> >from same system(172.16.84.76)
> >
> >If I give the above command from 172.16.85.243, results
> >
> >D:\\Program Files\PostgreSQL\8.1\bin>psql -Uroot - h172.16.84.76
> >psql: could not connect to server: Connection refused
>(0x274D/10061)
> > Is the server running on host "172.16.84.76" and accepting
> > TCP/IP connections on port 5432?
> >
> >I don't know how to do this in windows.
> >
> >
> >here pg_hba.conf entries follows
> >*
> >hostall all 172.16.84.76/32 md5
> >hostall all 172.16.85.243/32md5
> >
>
>Is this pg_hba.conf file is located at (172.16.84.76)? Further are
these
>
>entries made in IPv4 block?
>
>
> >here postgre.conf entry follows
> >***
>
>#--
>-
> >
> ># CONNECTIONS AND AUTHENTICATION
>
>#--
>-
> >
> >
> ># - Connection Settings -
> >
> >listen_addresses = '*'# what IP address(es) to listen on;
> > # comma-separated list of addresses;
> > # defaults to 'localhost', '*' = all
> >port = 5432
> >max_connections = 100
> ># note: increasing max_connections costs ~400 bytes of shared memory
>per
> ># connection slot, plus lock space (see max_locks_per_transaction).
>You
> ># might also need to raise shared_buffers to support more
connections.
> >
> >
> >superuser_reserved_connections = 10
> >
> >#unix_socket_directory = ''
> >#unix_socket_group = ''
> >#unix_socket_permissions = 0777# octal
> >#bonjour_name = ''# defaults to the computer name
> >
> ># - Security & Authentication -
> >
> >authentication_timeout = 150# 1-600, in seconds
> >
> >#ssl = on
> >
> >#password_encryption = on
> >#db_user_namespace = off
> >
> ># Kerberos
> >#krb_server_keyfile = ''
> >#krb_srvname = 'postgres'
> >#krb_server_h

Re: [ADMIN] pg_hba.conf issue

[Jayakumar_Mukundaraju]

Hi friends,

I herewith paste my pg_hba.conf file for your reference. This is in
172.16.84.76 system(Server box)

TypeDatabase User   IP-Address  Method

hostall all 127.0.0.1/32md5
hostall all 172.16.84.239/32trust
hostall all 172.16.84.240/32md5
hostall all 172.16.84.76/32 md5
hostall all 172.26.2.20/32  md5
hostall all 172.16.82.243/32md5

Thanks & Regards
Jayakumar M


-Original Message-
From: Vishal Arora [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 03, 2007 12:25 PM
To: Jayakumar_Mukundaraju
Subject: Re: [ADMIN] pg_hba.conf issue


Can you send me your pg_hba.conf file?

>From: "Jayakumar_Mukundaraju" <[EMAIL PROTECTED]>
>To: "Vishal Arora" <[EMAIL PROTECTED]>, 
>
>Subject: Re: [ADMIN] pg_hba.conf issue
>Date: Tue, 3 Jul 2007 10:29:19 +0530
>
>Hi friends,
>
>Yes,In 172.16.84.76 system in pg_hba.conf I added 172.16.85.243 ip
>address. Kindly give me explain of IPv4 block...
>
>Thanks & Regards
>Jayakumar M
>
>
>-Original Message-
>From: Vishal Arora [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, July 03, 2007 9:52 AM
>To: Jayakumar_Mukundaraju; pgsql-admin@postgresql.org
>Subject: RE: [ADMIN] pg_hba.conf issue
>
>
>
>
> >From: "Jayakumar_Mukundaraju" <[EMAIL PROTECTED]>
> >To: 
> >Subject: [ADMIN] pg_hba.conf issue
> >Date: Mon, 2 Jul 2007 19:21:36 +0530
> >
> >Hi friends,
> >
> >I am Jayakumar and  new to PostgreSQL world. I am using PostgreSQL
>8.1.3
> >in Windows 2000 machine.
> >
> >My problem is, I am unable to connect to PostgreSQL server from
another
> >machine's psql client.
> >
> >My system IP is 172.16.84.76, and client machine IP is 172.16.85.243.
> >
> >I can connect to the PostgreSQL server with " psql -Uroot
> >-h172.16.84.76"
> >from same system(172.16.84.76)
> >
> >If I give the above command from 172.16.85.243, results
> >
> >D:\\Program Files\PostgreSQL\8.1\bin>psql -Uroot - h172.16.84.76
> >psql: could not connect to server: Connection refused
>(0x274D/10061)
> > Is the server running on host "172.16.84.76" and accepting
> > TCP/IP connections on port 5432?
> >
> >I don't know how to do this in windows.
> >
> >
> >here pg_hba.conf entries follows
> >*
> >hostall all 172.16.84.76/32 md5
> >hostall all 172.16.85.243/32md5
> >
>
>Is this pg_hba.conf file is located at (172.16.84.76)? Further are
these
>
>entries made in IPv4 block?
>
>
> >here postgre.conf entry follows
> >***
>
>#--
>-
> >
> ># CONNECTIONS AND AUTHENTICATION
>
>#--
>-
> >
> >
> ># - Connection Settings -
> >
> >listen_addresses = '*'# what IP address(es) to listen on;
> > # comma-separated list of addresses;
> > # defaults to 'localhost', '*' = all
> >port = 5432
> >max_connections = 100
> ># note: increasing max_connections costs ~400 bytes of shared memory
>per
> ># connection slot, plus lock space (see max_locks_per_transaction).
>You
> ># might also need to raise shared_buffers to support more
connections.
> >
> >
> >superuser_reserved_connections = 10
> >
> >#unix_socket_directory = ''
> >#unix_socket_group = ''
> >#unix_socket_permissions = 0777# octal
> >#bonjour_name = ''# defaults to the computer name
> >
> ># - Security & Authentication -
> >
> >authentication_timeout = 150# 1-600, in seconds
> >
> >#ssl = on
> >
> >#password_encryption = on
> >#db_user_namespace = off
> >
> ># Kerberos
> >#krb_server_keyfile = ''
> >#krb_srvname = 'postgres'
> >#krb_server_hostname = ''# empty string matches any keytab
>entry
> >#krb_caseins_users = off
> >
> ># - TCP Keepalives -
> ># see 'man 7 tcp' for details
> >
> >#tcp_keepalives_idle = 0# TCP_KEEPIDLE, in seconds;
> > # 0 selects the system default
> >#tcp_keepalives_interval = 0# TCP_KEEPINTVL, in seconds;
> >   

Re: [ADMIN] pg_hba.conf issue

[Vishal Arora]

From: Ritu Khetan <[EMAIL PROTECTED]>
To: Tom Lane <[EMAIL PROTECTED]>
CC: pgsql-admin@postgresql.org,[EMAIL PROTECTED]
Subject: Re: [ADMIN] pg_hba.conf issue
Date: Tue, 3 Jul 2007 11:01:10 +0530

What does ::1/128 signify?


Its the IPv6 notification to loopback address. In other words it is as good 
as specifying 127.0.0.1 in IPv4.



Regards,
Ritu




Tom Lane
 <[EMAIL PROTECTED]>
Sent by:To
 [EMAIL PROTECTED] Ritu Khetan
   resql.org <[EMAIL PROTECTED]>
cc
 pgsql-admin@postgresql.org
 02/07/2007 09:08 PM   Subject
             Re: [ADMIN] pg_hba.conf issue










Ritu Khetan <[EMAIL PROTECTED]> writes:
> # IPv4 local connections:
> hostall all 127.0.0.1/32  trust
> # IPv6 local connections:
> #hostall all ::1/128   trust
> #hostall all 172.21.42.121/24   trust
> hostall all 172.21.51.56/24   trust

> While this works at most of the locations, we have a peculiar error
coming
> up at 2-3 locations. The error reads:

> no pg_hba.conf entry for host "::1" , user "crisil" , database "crisil" 
,

> SSL off "

No surprise: you have the IPv6 line commented out.  Dunno why these
particular boxes are preferring IPv6 to IPv4, maybe something different
about the local DNS environment?  Anyway, there is no point in refusing
to serve ::1/128 if you're accepting 127.0.0.1.

 regards, tom lane

---(end of broadcast)---
TIP 6: explain analyze is your friend

Disclaimer :
This message (including any attachments) contains confidential information. 
If you are not the intended recipient, please delete the message (including 
any attachments) from your system without using, transmitting or storing 
it. Please also immediately inform the sender. E-mails are not secure and 
may suffer from errors, viruses, unauthorized interceptions / amendments. 
CRISIL and its subsidiaries do not accept any liability for loss or damage 
caused by this e-mail and may monitor e-mail traffic.


---(end of broadcast)---
TIP 4: Have you searched our list archives?

   http://archives.postgresql.org


_
http://imagine-windowslive.com/hotmail/?locale=en-us&ocid=TXT_TAGHM_migration_HM_mini_pcmag_0507


---(end of broadcast)---
TIP 7: You can help support the PostgreSQL project by donating at

   http://www.postgresql.org/about/donate

Re: [ADMIN] pg_hba.conf issue

[Jayakumar_Mukundaraju]

Hi friends,

Yes,In 172.16.84.76 system in pg_hba.conf I added 172.16.85.243 ip
address. Kindly give me explain of IPv4 block...  

Thanks & Regards
Jayakumar M


-Original Message-
From: Vishal Arora [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 03, 2007 9:52 AM
To: Jayakumar_Mukundaraju; pgsql-admin@postgresql.org
Subject: RE: [ADMIN] pg_hba.conf issue




>From: "Jayakumar_Mukundaraju" <[EMAIL PROTECTED]>
>To: 
>Subject: [ADMIN] pg_hba.conf issue
>Date: Mon, 2 Jul 2007 19:21:36 +0530
>
>Hi friends,
>
>I am Jayakumar and  new to PostgreSQL world. I am using PostgreSQL
8.1.3
>in Windows 2000 machine.
>
>My problem is, I am unable to connect to PostgreSQL server from another
>machine's psql client.
>
>My system IP is 172.16.84.76, and client machine IP is 172.16.85.243.
>
>I can connect to the PostgreSQL server with " psql -Uroot
>-h172.16.84.76"
>from same system(172.16.84.76)
>
>If I give the above command from 172.16.85.243, results
>
>D:\\Program Files\PostgreSQL\8.1\bin>psql -Uroot - h172.16.84.76
>psql: could not connect to server: Connection refused
(0x274D/10061)
> Is the server running on host "172.16.84.76" and accepting
> TCP/IP connections on port 5432?
>
>I don't know how to do this in windows.
>
>
>here pg_hba.conf entries follows
>*
>hostall all 172.16.84.76/32 md5
>hostall all 172.16.85.243/32md5
>

Is this pg_hba.conf file is located at (172.16.84.76)? Further are these

entries made in IPv4 block?


>here postgre.conf entry follows
>***
>#--
-
>
># CONNECTIONS AND AUTHENTICATION
>#--
-
>
>
># - Connection Settings -
>
>listen_addresses = '*'# what IP address(es) to listen on;
> # comma-separated list of addresses;
> # defaults to 'localhost', '*' = all
>port = 5432
>max_connections = 100
># note: increasing max_connections costs ~400 bytes of shared memory
per
># connection slot, plus lock space (see max_locks_per_transaction).
You
># might also need to raise shared_buffers to support more connections.
>
>
>superuser_reserved_connections = 10
>
>#unix_socket_directory = ''
>#unix_socket_group = ''
>#unix_socket_permissions = 0777# octal
>#bonjour_name = ''# defaults to the computer name
>
># - Security & Authentication -
>
>authentication_timeout = 150# 1-600, in seconds
>
>#ssl = on
>
>#password_encryption = on
>#db_user_namespace = off
>
># Kerberos
>#krb_server_keyfile = ''
>#krb_srvname = 'postgres'
>#krb_server_hostname = ''# empty string matches any keytab
entry
>#krb_caseins_users = off
>
># - TCP Keepalives -
># see 'man 7 tcp' for details
>
>#tcp_keepalives_idle = 0# TCP_KEEPIDLE, in seconds;
> # 0 selects the system default
>#tcp_keepalives_interval = 0# TCP_KEEPINTVL, in seconds;
> # 0 selects the system default
>#tcp_keepalives_count = 0# TCP_KEEPCNT;
> # 0 selects the system default
>
>Please find my problem, give me the solution...
>
>Thanks & Regards
>Jayakumar M
>
>
>
>DISCLAIMER:
>This email (including any attachments) is intended for the sole use of
the 
>intended recipient/s and may contain material that is CONFIDENTIAL AND 
>PRIVATE COMPANY INFORMATION. Any review or reliance by others or
copying or 
>distribution or forwarding of any or all of the contents in this
message is 
>STRICTLY PROHIBITED. If you are not the intended recipient, please
contact 
>the sender by email and delete all copies; your cooperation in this
regard 
>is appreciated.
>
>---(end of
broadcast)---
>TIP 4: Have you searched our list archives?
>
>http://archives.postgresql.org

_
http://liveearth.msn.com




DISCLAIMER:
This email (including any attachments) is intended for the sole use of the 
intended recipient/s and may contain material that is CONFIDENTIAL AND PRIVATE 
COMPANY INFORMATION. Any review or reliance by others or copying or 
distribution or forwarding of any or all of the contents in this message is 
STRICTLY PROHIBITED. If you are not the intended recipient, please contact the 
sender by email and delete all copies; your cooperation in this regard is 
appreciated.

---(end of broadcast)---
TIP 1: if posting/reading through Usenet, please send an appropriate
   subscribe-nomail command to [EMAIL PROTECTED] so that your
   message can get through to the mailing list cleanly

Re: [ADMIN] pg_hba.conf issue

[Ritu Khetan]

What does ::1/128 signify?

Regards,
Ritu



   
Tom Lane   
 <[EMAIL PROTECTED]>   
Sent by:To 
 [EMAIL PROTECTED] Ritu Khetan   
   resql.org <[EMAIL PROTECTED]>  
cc 
 pgsql-admin@postgresql.org
 02/07/2007 09:08 PM   Subject 
         Re: [ADMIN] pg_hba.conf issue 
   
   
   
   
   
   




Ritu Khetan <[EMAIL PROTECTED]> writes:
> # IPv4 local connections:
> hostall all 127.0.0.1/32  trust
> # IPv6 local connections:
> #hostall all ::1/128   trust
> #hostall all 172.21.42.121/24   trust
> hostall all 172.21.51.56/24   trust

> While this works at most of the locations, we have a peculiar error
coming
> up at 2-3 locations. The error reads:

> no pg_hba.conf entry for host "::1" , user "crisil" , database "crisil" ,
> SSL off "

No surprise: you have the IPv6 line commented out.  Dunno why these
particular boxes are preferring IPv6 to IPv4, maybe something different
about the local DNS environment?  Anyway, there is no point in refusing
to serve ::1/128 if you're accepting 127.0.0.1.

 regards, tom lane

---(end of broadcast)---
TIP 6: explain analyze is your friend

Disclaimer : 
This message (including any attachments) contains confidential information. If 
you are not the intended recipient, please delete the message (including any 
attachments) from your system without using, transmitting or storing it. Please 
also immediately inform the sender. E-mails are not secure and may suffer from 
errors, viruses, unauthorized interceptions / amendments. CRISIL and its 
subsidiaries do not accept any liability for loss or damage caused by this 
e-mail and may monitor e-mail traffic.

---(end of broadcast)---
TIP 4: Have you searched our list archives?

   http://archives.postgresql.org

Re: [ADMIN] pg_hba.conf issue

[Vishal Arora]

From: "Jayakumar_Mukundaraju" <[EMAIL PROTECTED]>
To: 
Subject: [ADMIN] pg_hba.conf issue
Date: Mon, 2 Jul 2007 19:21:36 +0530

Hi friends,

I am Jayakumar and  new to PostgreSQL world. I am using PostgreSQL 8.1.3
in Windows 2000 machine.

My problem is, I am unable to connect to PostgreSQL server from another
machine's psql client.

My system IP is 172.16.84.76, and client machine IP is 172.16.85.243.

I can connect to the PostgreSQL server with " psql -Uroot
-h172.16.84.76"
from same system(172.16.84.76)

If I give the above command from 172.16.85.243, results

D:\\Program Files\PostgreSQL\8.1\bin>psql -Uroot - h172.16.84.76
psql: could not connect to server: Connection refused (0x274D/10061)
Is the server running on host "172.16.84.76" and accepting
TCP/IP connections on port 5432?

I don't know how to do this in windows.


here pg_hba.conf entries follows
*
hostall all 172.16.84.76/32 md5
hostall all 172.16.85.243/32md5



Is this pg_hba.conf file is located at (172.16.84.76)? Further are these 
entries made in IPv4 block?




here postgre.conf entry follows
***
#---

# CONNECTIONS AND AUTHENTICATION
#---


# - Connection Settings -

listen_addresses = '*'# what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost', '*' = all
port = 5432
max_connections = 100
# note: increasing max_connections costs ~400 bytes of shared memory per
# connection slot, plus lock space (see max_locks_per_transaction).  You
# might also need to raise shared_buffers to support more connections.


superuser_reserved_connections = 10

#unix_socket_directory = ''
#unix_socket_group = ''
#unix_socket_permissions = 0777# octal
#bonjour_name = ''# defaults to the computer name

# - Security & Authentication -

authentication_timeout = 150# 1-600, in seconds

#ssl = on

#password_encryption = on
#db_user_namespace = off

# Kerberos
#krb_server_keyfile = ''
#krb_srvname = 'postgres'
#krb_server_hostname = ''# empty string matches any keytab entry
#krb_caseins_users = off

# - TCP Keepalives -
# see 'man 7 tcp' for details

#tcp_keepalives_idle = 0# TCP_KEEPIDLE, in seconds;
# 0 selects the system default
#tcp_keepalives_interval = 0# TCP_KEEPINTVL, in seconds;
# 0 selects the system default
#tcp_keepalives_count = 0# TCP_KEEPCNT;
# 0 selects the system default

Please find my problem, give me the solution...

Thanks & Regards
Jayakumar M



DISCLAIMER:
This email (including any attachments) is intended for the sole use of the 
intended recipient/s and may contain material that is CONFIDENTIAL AND 
PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or 
distribution or forwarding of any or all of the contents in this message is 
STRICTLY PROHIBITED. If you are not the intended recipient, please contact 
the sender by email and delete all copies; your cooperation in this regard 
is appreciated.


---(end of broadcast)---
TIP 4: Have you searched our list archives?

   http://archives.postgresql.org


_
http://liveearth.msn.com


---(end of broadcast)---
TIP 9: In versions below 8.0, the planner will ignore your desire to
  choose an index scan if your joining column's datatypes do not
  match

Re: [ADMIN] pg_hba.conf issue

[Vishal Arora]

From: Ritu Khetan <[EMAIL PROTECTED]>
To: pgsql-admin@postgresql.org
Subject: [ADMIN] pg_hba.conf issue
Date: Mon, 2 Jul 2007 18:40:22 +0530


Hi friends,

We have a product with Postgres 8.1 integrated for installations on
Windows. The standard pg_hba.conf configuration going in the package is


# TYPE  DATABASEUSERCIDR-ADDRESS  METHOD

# IPv4 local connections:
hostall all 127.0.0.1/32  trust
# IPv6 local connections:
#hostall all ::1/128   trust
#hostall all 172.21.42.121/24   trust
hostall all 172.21.51.56/24   trust


Move your entries from IPv6 to IPv4 block.



While this works at most of the locations, we have a peculiar error coming
up at 2-3 locations. The error reads:



Regards,
Ritu
Disclaimer :
This message (including any attachments) contains confidential information. 
If you are not the intended recipient, please delete the message (including 
any attachments) from your system without using, transmitting or storing 
it. Please also immediately inform the sender. E-mails are not secure and 
may suffer from errors, viruses, unauthorized interceptions / amendments. 
CRISIL and its subsidiaries do not accept any liability for loss or damage 
caused by this e-mail and may monitor e-mail traffic.


---(end of broadcast)---
TIP 4: Have you searched our list archives?

   http://archives.postgresql.org


_
http://liveearth.msn.com


---(end of broadcast)---
TIP 6: explain analyze is your friend

Re: [ADMIN] pg_hba.conf issue

[Tom Lane]

Ritu Khetan <[EMAIL PROTECTED]> writes:
> # IPv4 local connections:
> hostall all 127.0.0.1/32  trust
> # IPv6 local connections:
> #hostall all ::1/128   trust
> #hostall all 172.21.42.121/24   trust
> hostall all 172.21.51.56/24   trust

> While this works at most of the locations, we have a peculiar error coming
> up at 2-3 locations. The error reads:

> no pg_hba.conf entry for host "::1" , user "crisil" , database "crisil" ,
> SSL off "

No surprise: you have the IPv6 line commented out.  Dunno why these
particular boxes are preferring IPv6 to IPv4, maybe something different
about the local DNS environment?  Anyway, there is no point in refusing
to serve ::1/128 if you're accepting 127.0.0.1.

regards, tom lane

---(end of broadcast)---
TIP 6: explain analyze is your friend

Re: [ADMIN] pg_hba.conf & putty

[Moritz Bayer]

Thanks a lot,
the change of the tunnels IP address to 127.0.0.1 made it!

:-)
Great!



2007/3/6, Phillip Smith <[EMAIL PROTECTED]>:


 I know your problem (I think)



Your SSH forward you said is defined as:

Lserver.ip.address:5432



So the requests will be coming from your server's IP address via the eth0
interface… You need to change this to 127.0.0.1 to make it use the lo
interface, and then the requests will come from 127.0.0.1 to match your
pg_hba.conf



Cheers,

~p





-Original Message-
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] *On Behalf Of *Moritz Bayer
*Sent:* Tuesday, 6 March 2007 10:58
*To:* Phillip Smith
*Cc:* pgsql-admin@postgresql.org
*Subject:* Re: [ADMIN] pg_hba.conf & putty



hello phillip,

yes, the connection i defined in pgadmin uses localhost:5432.

Still, no success :(




 2007/3/6, Phillip Smith < [EMAIL PROTECTED]>:

What address are you connecting to on your desktop computer? You should be
using localhost:5432 which putty will redirect to the server via the SSH
tunnel and the server will connect to PostgreSQL on your behalf.



~p



-Original Message-
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
*On Behalf Of *Moritz Bayer
*Sent:* Tuesday, 6 March 2007 10:31
*To:* pgsql-admin@postgresql.org
*Subject:* [ADMIN] pg_hba.conf & putty



dear list,

I know there are already hunderts of posts about pg_hba.conf, but still
after reading a few of them I still got troubles with this topic.

I've got a vpn server  with a ststic ip address, java apps are supposed to
run there receiving data from a postgresql database.
The database is running, but for changes on it I want to open a putty
connection while using pgAdmin.
In putty, I define a tunnel to port 5432, its displayed like this:
Lserver.ip.address:5432

Thought this entries in my pg_hba.conf would do it:

# "local" is for Unix domain socket connections only
local   all all   md5

# IPv4 local connections:
hostall all 127.0.0.1/32  md5

# IPv6 local connections:
hostall all ::1/128   md5

well, it doesn't. When i run  pgAdmin with an open  putty connection, it
still says: error connecting to server.

Any hints how I can find out whats still wrong?

Thanks in advance,
Mo



Confidentiality and Privilege
Notice

The material contained in this message is privileged and confidential to
the addressee. If you are not the addressee indicated in this message or
responsible for delivery of the message to such person, you may not copy or
deliver this message to anyone, and you should destroy it and kindly notify
the sender by reply email.

Information in this message that does not relate to the official business
of Weatherbeeta must be treated as neither given nor endorsed by
Weatherbeeta. Weatherbeeta, its employees, contractors or associates shall
not be liable for direct, indirect or consequential loss arising from
transmission of this message or any attachments



Confidentiality and Privilege
Notice

The material contained in this message is privileged and confidential to
the addressee. If you are not the addressee indicated in this message or
responsible for delivery of the message to such person, you may not copy or
deliver this message to anyone, and you should destroy it and kindly notify
the sender by reply email.

Information in this message that does not relate to the official business
of Weatherbeeta must be treated as neither given nor endorsed by
Weatherbeeta. Weatherbeeta, its employees, contractors or associates shall
not be liable for direct, indirect or consequential loss arising from
transmission of this message or any attachments

Re: [ADMIN] pg_hba.conf & putty

[Phillip Smith]

I know your problem (I think)

 

Your SSH forward you said is defined as:

Lserver.ip.address:5432

 

So the requests will be coming from your server's IP address via the eth0
interface. You need to change this to 127.0.0.1 to make it use the lo
interface, and then the requests will come from 127.0.0.1 to match your
pg_hba.conf

 

Cheers,

~p

 

 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Moritz Bayer
Sent: Tuesday, 6 March 2007 10:58
To: Phillip Smith
Cc: pgsql-admin@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf & putty

 

hello phillip,
 
yes, the connection i defined in pgadmin uses localhost:5432. 

Still, no success :(






2007/3/6, Phillip Smith < <mailto:[EMAIL PROTECTED]>
[EMAIL PROTECTED]>:

What address are you connecting to on your desktop computer? You should be
using localhost:5432 which putty will redirect to the server via the SSH
tunnel and the server will connect to PostgreSQL on your behalf.

 

~p

 

-Original Message-
From: [EMAIL PROTECTED] [mailto:
<mailto:[EMAIL PROTECTED]>  [EMAIL PROTECTED]
On Behalf Of Moritz Bayer
Sent: Tuesday, 6 March 2007 10:31
To: pgsql-admin@postgresql.org
Subject: [ADMIN] pg_hba.conf & putty

 

dear list,

I know there are already hunderts of posts about pg_hba.conf, but still
after reading a few of them I still got troubles with this topic.

I've got a vpn server  with a ststic ip address, java apps are supposed to
run there receiving data from a postgresql database. 
The database is running, but for changes on it I want to open a putty
connection while using pgAdmin.
In putty, I define a tunnel to port 5432, its displayed like this:
Lserver.ip.address:5432

Thought this entries in my pg_hba.conf would do it: 

# "local" is for Unix domain socket connections only
local   all all   md5

# IPv4 local connections:
hostall all 127.0.0.1/32  md5

# IPv6 local connections:
hostall all ::1/128   md5

well, it doesn't. When i run  pgAdmin with an open  putty connection, it
still says: error connecting to server. 

Any hints how I can find out whats still wrong?

Thanks in advance,
Mo

 

***Confidentiality and Privilege Notice*** 

The material contained in this message is privileged and confidential to the
addressee. If you are not the addressee indicated in this message or
responsible for delivery of the message to such person, you may not copy or
deliver this message to anyone, and you should destroy it and kindly notify
the sender by reply email. 

Information in this message that does not relate to the official business of
Weatherbeeta must be treated as neither given nor endorsed by Weatherbeeta.
Weatherbeeta, its employees, contractors or associates shall not be liable
for direct, indirect or consequential loss arising from transmission of this
message or any attachments 

 



***Confidentiality and Privilege Notice***

The material contained in this message is privileged and confidential to
the addressee.  If you are not the addressee indicated in this message or
responsible for delivery of the message to such person, you may not copy
or deliver this message to anyone, and you should destroy it and kindly
notify the sender by reply email.

Information in this message that does not relate to the official business
of Weatherbeeta must be treated as neither given nor endorsed by Weatherbeeta.
Weatherbeeta, its employees, contractors or associates shall not be liable
for direct, indirect or consequential loss arising from transmission of this
message or any attachments

Re: [ADMIN] pg_hba.conf & putty

[Andy Shellam]

What address are you using for "server.ip.address"?
I believe this is the address you should put in your pg_hba.conf, not 
127.0.0.1.


Then in PgAdmin, connect to localhost:5432.
You can always check your PostgreSQL logs and see what source address 
the request is coming from.


Andy.

Moritz Bayer wrote:

dear list,

I know there are already hunderts of posts about pg_hba.conf, but 
still after reading a few of them I still got troubles with this topic.


I've got a vpn server  with a ststic ip address, java apps are 
supposed to run there receiving data from a postgresql database.
The database is running, but for changes on it I want to open a putty 
connection while using pgAdmin.
In putty, I define a tunnel to port 5432, its displayed like this: 
Lserver.ip.address:5432


Thought this entries in my pg_hba.conf would do it:

# "local" is for Unix domain socket connections only
local   all all   md5

# IPv4 local connections:
hostall all 127.0.0.1/32 
  md5


# IPv6 local connections:
hostall all ::1/128   md5

well, it doesn't. When i run  pgAdmin with an open  putty connection, 
it still says: error connecting to server.


Any hints how I can find out whats still wrong?

Thanks in advance,
Mo
!DSPAM:37,45ecaa2b103007769414910! 



---(end of broadcast)---
TIP 2: Don't 'kill -9' the postmaster

Re: [ADMIN] pg_hba.conf & putty

[Moritz Bayer]

hello phillip,

yes, the connection i defined in pgadmin uses localhost:5432.

Still, no success :(





2007/3/6, Phillip Smith <[EMAIL PROTECTED]>:


 What address are you connecting to on your desktop computer? You should
be using localhost:5432 which putty will redirect to the server via the SSH
tunnel and the server will connect to PostgreSQL on your behalf.



~p



-Original Message-
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] *On Behalf Of *Moritz Bayer
*Sent:* Tuesday, 6 March 2007 10:31
*To:* pgsql-admin@postgresql.org
*Subject:* [ADMIN] pg_hba.conf & putty



dear list,

I know there are already hunderts of posts about pg_hba.conf, but still
after reading a few of them I still got troubles with this topic.

I've got a vpn server  with a ststic ip address, java apps are supposed to
run there receiving data from a postgresql database.
The database is running, but for changes on it I want to open a putty
connection while using pgAdmin.
In putty, I define a tunnel to port 5432, its displayed like this:
Lserver.ip.address:5432

Thought this entries in my pg_hba.conf would do it:

# "local" is for Unix domain socket connections only
local   all all   md5

# IPv4 local connections:
hostall all 127.0.0.1/32  md5

# IPv6 local connections:
hostall all ::1/128   md5

well, it doesn't. When i run  pgAdmin with an open  putty connection, it
still says: error connecting to server.

Any hints how I can find out whats still wrong?

Thanks in advance,
Mo

Confidentiality and Privilege
Notice

The material contained in this message is privileged and confidential to
the addressee. If you are not the addressee indicated in this message or
responsible for delivery of the message to such person, you may not copy or
deliver this message to anyone, and you should destroy it and kindly notify
the sender by reply email.

Information in this message that does not relate to the official business
of Weatherbeeta must be treated as neither given nor endorsed by
Weatherbeeta. Weatherbeeta, its employees, contractors or associates shall
not be liable for direct, indirect or consequential loss arising from
transmission of this message or any attachments

Re: [ADMIN] pg_hba.conf & putty

[Phillip Smith]

What address are you connecting to on your desktop computer? You should be
using localhost:5432 which putty will redirect to the server via the SSH
tunnel and the server will connect to PostgreSQL on your behalf.

 

~p

 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Moritz Bayer
Sent: Tuesday, 6 March 2007 10:31
To: pgsql-admin@postgresql.org
Subject: [ADMIN] pg_hba.conf & putty

 

dear list,

I know there are already hunderts of posts about pg_hba.conf, but still
after reading a few of them I still got troubles with this topic.

I've got a vpn server  with a ststic ip address, java apps are supposed to
run there receiving data from a postgresql database. 
The database is running, but for changes on it I want to open a putty
connection while using pgAdmin.
In putty, I define a tunnel to port 5432, its displayed like this:
Lserver.ip.address:5432

Thought this entries in my pg_hba.conf would do it: 

# "local" is for Unix domain socket connections only
local   all all   md5

# IPv4 local connections:
hostall all 127.0.0.1/32  md5

# IPv6 local connections:
hostall all ::1/128   md5

well, it doesn't. When i run  pgAdmin with an open  putty connection, it
still says: error connecting to server. 

Any hints how I can find out whats still wrong?

Thanks in advance,
Mo



***Confidentiality and Privilege Notice***

The material contained in this message is privileged and confidential to
the addressee.  If you are not the addressee indicated in this message or
responsible for delivery of the message to such person, you may not copy
or deliver this message to anyone, and you should destroy it and kindly
notify the sender by reply email.

Information in this message that does not relate to the official business
of Weatherbeeta must be treated as neither given nor endorsed by Weatherbeeta.
Weatherbeeta, its employees, contractors or associates shall not be liable
for direct, indirect or consequential loss arising from transmission of this
message or any attachments

Re: [ADMIN] pg_hba.conf stuff

[Rob van der Linde]

Yes! that's it, thanks heaps.

I had a .pgpass file in the home directory of the client PC. It's
possible PgAdmin III or some other program created it.

Thanks heaps, now I know it was not actually a security issue with my
server.

On Wed, 2007-02-28 at 17:15 -0800, Jeff Frost wrote:
> On Thu, 1 Mar 2007, Rob van der Linde wrote:
> 
> > On that server I have a user account, called "ynui", and I also have a
> > postgres user called "ynui", they have the same password. Now the
> > server's IP is 192.168.0.1
> >
> > My main postgres conf has in it:
> >
> > listen_addresses = 'localhost,192.168.0.1'
> >
> > my pg_hba.conf is:
> >
> > # "local" is for Unix domain socket connections only
> > local   all all   md5
> > # IPv4 local connections:
> > hostall all 127.0.0.1/32  md5
> > # IPv6 local connections:
> > hostall all ::1/128   md5
> > # Internal network
> > hostall all 192.168.0.0/24md5
> >
> > Now I have a client PC 192.168.0.10, it's also running Linux and the
> > unix account name on this machine is rob. I have the postgres client
> > installed on this machine and am connecting like this:
> >
> > psql -h 192.168.0.1 -U ynui
> >
> > Now my problem is, because the server has on it a user account "ynui"
> > and postgres also has a user called "ynui", with the same password, it
> > goes straight in, without asking for the password at all!!!
> >
> > This is even though I specifically configured the "Internal network"
> > section in my pg_hba.conf file for "md5", and this "ynui" unix user is
> > actually on the server, not on the client pc. Then why does it still go
> > straight in from the client PC without asking for the password for the
> > "ynui" user?
> >
> > Any ideas? is there any way to prevent this automatic login, or is the
> > only way to have the unix "ynui" user and postgres "ynui" user no the
> > server to have a different password? I would prefer them not to have
> > different passwords however if possible.
> >
> > Any ideas? any help would be appreciated.
> 
> Rob,
> 
> The local OS user on the server should have no effect on postgres 
> connectivity 
> when connecting via the network.
> 
> Do you by chance have a .pgpass file in the home directory of the OS user 
> you're using to run psql?
> 
> Also, did you reload postgresql after you made the changes to the pg_hba.conf?
> 


---(end of broadcast)---
TIP 5: don't forget to increase your free space map settings

Re: [ADMIN] pg_hba.conf stuff

[Jeff Frost]

Yes, pgadmin3 uses .pgpass to store its connection info - so that's your 
likely culprit.


On Thu, 1 Mar 2007, Rob van der Linde wrote:


I had a .pgpass file in the home directory of the client PC. It's
possible PgAdmin III or some other program created it.


--
Jeff Frost, Owner   <[EMAIL PROTECTED]>
Frost Consulting, LLC   http://www.frostconsultingllc.com/
Phone: 650-780-7908 FAX: 650-649-1954

---(end of broadcast)---
TIP 9: In versions below 8.0, the planner will ignore your desire to
  choose an index scan if your joining column's datatypes do not
  match

Re: [ADMIN] pg_hba.conf stuff

[Jeff Frost]

On Thu, 1 Mar 2007, Rob van der Linde wrote:


On that server I have a user account, called "ynui", and I also have a
postgres user called "ynui", they have the same password. Now the
server's IP is 192.168.0.1

My main postgres conf has in it:

listen_addresses = 'localhost,192.168.0.1'

my pg_hba.conf is:

# "local" is for Unix domain socket connections only
local   all all   md5
# IPv4 local connections:
hostall all 127.0.0.1/32  md5
# IPv6 local connections:
hostall all ::1/128   md5
# Internal network
hostall all 192.168.0.0/24md5

Now I have a client PC 192.168.0.10, it's also running Linux and the
unix account name on this machine is rob. I have the postgres client
installed on this machine and am connecting like this:

psql -h 192.168.0.1 -U ynui

Now my problem is, because the server has on it a user account "ynui"
and postgres also has a user called "ynui", with the same password, it
goes straight in, without asking for the password at all!!!

This is even though I specifically configured the "Internal network"
section in my pg_hba.conf file for "md5", and this "ynui" unix user is
actually on the server, not on the client pc. Then why does it still go
straight in from the client PC without asking for the password for the
"ynui" user?

Any ideas? is there any way to prevent this automatic login, or is the
only way to have the unix "ynui" user and postgres "ynui" user no the
server to have a different password? I would prefer them not to have
different passwords however if possible.

Any ideas? any help would be appreciated.


Rob,

The local OS user on the server should have no effect on postgres connectivity 
when connecting via the network.


Do you by chance have a .pgpass file in the home directory of the OS user 
you're using to run psql?


Also, did you reload postgresql after you made the changes to the pg_hba.conf?

--
Jeff Frost, Owner   <[EMAIL PROTECTED]>
Frost Consulting, LLC   http://www.frostconsultingllc.com/
Phone: 650-780-7908 FAX: 650-649-1954

---(end of broadcast)---
TIP 4: Have you searched our list archives?

  http://archives.postgresql.org

Re: [ADMIN] pg_hba.conf multiple auth_metods question

[Peter Eisentraut]

Gémes Géza wrote:
> I have successfully deployed krb5 or pam (with pam_krb5)
> authentication with my clients.
> My question is: Can I use both in a failover fashion?

Not in PostgreSQL, but you could probably hook Kerberos into PAM.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/

---(end of broadcast)---
TIP 5: don't forget to increase your free space map settings

Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues

[Jeanna Geier]

Thank you, Thank you, Thank you!! :o)

Jeff - Thanks in particular for your help on this, it is greatly 
appreciated!


It was a hidden folder, but not anymore!!  I found the file and re-set the 
password for the 'postgres' user and can now connect using my 'md5' hostssl 
connection:


   hostssl all all 127.0.0.1/32 md5
__

   C:\msys\1.0\local\pgsql\bin>psql -d apt -U postgres
   Password:
   Welcome to psql 8.0.8, the PostgreSQL interactive terminal.

   Type:  \copyright for distribution terms
  \h for help with SQL commands
  \? for help with psql commands
  \g or terminate with semicolon to execute query
  \q to quit

   SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)

   Warning: Console code page (437) differs from Windows code page (1252)
8-bit characters may not work correctly. See psql reference
page "Notes for Windows users" for details.

   apt=#

Again, thanks for everyone's time and effort on this!  This mailing list is 
top-notch!!

-Jeanna

- Original Message - 
From: "Jeff Frost" <[EMAIL PROTECTED]>

To: "Alvaro Herrera" <[EMAIL PROTECTED]>
Cc: "Jeanna Geier" <[EMAIL PROTECTED]>; "Tom Lane" <[EMAIL PROTECTED]>; 
; 

Sent: Tuesday, September 26, 2006 12:35 PM
Subject: Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues



On Tue, 26 Sep 2006, Alvaro Herrera wrote:


Jeanna Geier wrote:
Searched again for 'pgpass' and for the 'Application Data' directory 
with

no luck...


The file is called "pgpass.conf" on Windows.  As for the "Application
Data", it may be called differently if your Windows is localized -- try
looking for %APPDATA%.  (I think I'd do this by opening a terminal
window and "echo %APPDATA%" or "cd %APPDATA%").


You can also just click start, run then type %appdata% and windows will 
open an explorer window in that directory.  I guess it's also possible you 
need to turn on the view hidden and system directories in the explorer 
options to see/find in that directory, but I'm not sure.


--
Jeff 'Frosty' Frost - AFM #996 - Frost Consulting, LLC Racing
http://www.frostconsultingllc.com/ http://www.motonation.com/
http://www.suomy-usa.com/ http://www.motionpro.com/
http://www.motorexusa.com/ http://www.lockhartphillipsusa.com/
http://www.zoomzoomtrackdays.com/ http://www.braking.com/





---(end of broadcast)---
TIP 9: In versions below 8.0, the planner will ignore your desire to
  choose an index scan if your joining column's datatypes do not
  match

Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues

[Jeff Frost]

On Tue, 26 Sep 2006, Alvaro Herrera wrote:


Jeanna Geier wrote:

Searched again for 'pgpass' and for the 'Application Data' directory with
no luck...


The file is called "pgpass.conf" on Windows.  As for the "Application
Data", it may be called differently if your Windows is localized -- try
looking for %APPDATA%.  (I think I'd do this by opening a terminal
window and "echo %APPDATA%" or "cd %APPDATA%").


You can also just click start, run then type %appdata% and windows 
will open an explorer window in that directory.  I guess it's also possible 
you need to turn on the view hidden and system directories in the explorer 
options to see/find in that directory, but I'm not sure.


--
Jeff 'Frosty' Frost - AFM #996 - Frost Consulting, LLC Racing
http://www.frostconsultingllc.com/  http://www.motonation.com/
http://www.suomy-usa.com/   http://www.motionpro.com/
http://www.motorexusa.com/  http://www.lockhartphillipsusa.com/
http://www.zoomzoomtrackdays.com/   http://www.braking.com/


---(end of broadcast)---
TIP 5: don't forget to increase your free space map settings

Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues

[Alvaro Herrera]

Jeanna Geier wrote:
> Searched again for 'pgpass' and for the 'Application Data' directory with 
> no luck...

The file is called "pgpass.conf" on Windows.  As for the "Application
Data", it may be called differently if your Windows is localized -- try
looking for %APPDATA%.  (I think I'd do this by opening a terminal
window and "echo %APPDATA%" or "cd %APPDATA%").

-- 
Alvaro Herrerahttp://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.

---(end of broadcast)---
TIP 3: Have you checked our extensive FAQ?

   http://www.postgresql.org/docs/faq

Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues

[Jeanna Geier]

Searched again for 'pgpass' and for the 'Application Data' directory with no 
luck...


And, tell me it ain't so "you don't have to build the windows version from 
source to use SSL" -- I had two seperate posters tell me that I did and I 
wrestled with it for a bit...for nothing??  Ah, live and learn! :o)  I don't 
think I'll consider myself a 'newbie' after this project is done. :o)


- Original Message - 
From: "Jeff Frost" <[EMAIL PROTECTED]>

To: "Jeanna Geier" <[EMAIL PROTECTED]>
Cc: ""Tom Lane"" <[EMAIL PROTECTED]>; ; 


Sent: Tuesday, September 26, 2006 12:16 PM
Subject: Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues



On Tue, 26 Sep 2006, Jeanna Geier wrote:

Any thoughts??  Like I said previously, I did build this on Windows from 
source so we could use the SSL option.could I have missed something 
when I was doing that? (It was my first time and I was following 
instructions from the INSTALL docs)



Jeanna, see my earlier email regarding all the different variations and 
also where to find your pgpass file on windows.  But, please note, you 
don't have to build the windows version from source to use SSL.  The two 
binary versions I was using for testing both worked fine with SSL.





---(end of broadcast)---
TIP 1: if posting/reading through Usenet, please send an appropriate
  subscribe-nomail command to [EMAIL PROTECTED] so that your
  message can get through to the mailing list cleanly

Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues

[Jeff Frost]

On Tue, 26 Sep 2006, Jeanna Geier wrote:

Any thoughts??  Like I said previously, I did build this on Windows from 
source so we could use the SSL option.could I have missed something when 
I was doing that? (It was my first time and I was following instructions from 
the INSTALL docs)



Jeanna, see my earlier email regarding all the different variations and also 
where to find your pgpass file on windows.  But, please note, you don't have 
to build the windows version from source to use SSL.  The two binary versions 
I was using for testing both worked fine with SSL.


---(end of broadcast)---
TIP 2: Don't 'kill -9' the postmaster

Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues

[Jeanna Geier]

OK, so after doing some more testing and configuring to see if I can narrow 
this down, I'm more confused than ever! =)  Because now I cannot connect to 
my database unless the method is 'trust'; shouldn't I be able to connect 
using the correct password if 'password' is the method in the pg_hba.conf 
file?


To look into Tom's theory of the password being short-circuited, I did a 
search on my pc for 'pgpass' and only came up with an html file, and I don't 
think that's doing it...  and I don't know of any other places where this 
could/would be occuring.


In my pg_hba.conf file I set up six different configurations (restarting the 
server between each one, to be sure it was using the new settings), with the 
following results:


No HostSSL
---
1) hostssl disabled; host enabled - method: md5
   log-in results:   pgadmin: passwd prompt & passwd authentication failed
  cmd pmpt: passwd prompt & psql: FATAL:  password 
authentication failed for user "postgres"


2) hostssl disabled; host enabled - method: password
   log-in results:   pgadmin: passwd prompt & passwd authentication failed
  cmd pmpt: passwd prompt & psql: FATAL:  password 
authentication failed for user "postgres"


3) hostssl disabled; host enabled - method: trust
   log-in results:   pgadmin: passwd prompt & connects after password is 
entered
   cmd pmpt: no password prompt & connects with 
"SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)" line displayed


With HostSSL
-
4) host disabled; hostssl enabled - method: md5
   log-in results:   pgadmin: no passwd prompt; "Connecting to 
databaseFailed."
  cmd pmpt: passwd prompt & psql: FATAL:  no 
pg_hba.conf entry for host "127.0.0.1", user "postgres", database "apt", SSL 
off


5) host disabled; hostssl enabled - method: password
   log-in results:   pgadmin: no passwd prompt; "Connecting to 
databaseFailed."
  cmd pmpt: passwd prompt & psql: FATAL:  no 
pg_hba.conf entry for host "127.0.0.1", user "postgres", database "apt", SSL 
off


6) host disabled; hostssl enabled - method: trust
   log-in results:   pgadmin: passwd prompt & connects after password is 
entered
   cmd pmpt: no password prompt & connects with 
"SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)" line displayed



Any thoughts??  Like I said previously, I did build this on Windows from 
source so we could use the SSL option.could I have missed something when 
I was doing that? (It was my first time and I was following instructions 
from the INSTALL docs)


Thanks so much for your time and assistance!
-Jeanna

- Original Message - 
From: "Jeff Frost" <[EMAIL PROTECTED]>

To: "Tom Lane" <[EMAIL PROTECTED]>
Cc: "Jeanna Geier" <[EMAIL PROTECTED]>; ; 


Sent: Tuesday, September 26, 2006 11:40 AM
Subject: Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues



On Tue, 26 Sep 2006, Tom Lane wrote:


Jeff Frost <[EMAIL PROTECTED]> writes:
Interestingly, I receive the same error when I disable SSL on the 
server:


If SSL is disabled then hostssl lines in pg_hba.conf effectively become
no-ops --- they can never be matched since no incoming connection will
be SSL-ified.  So that part of it sounds reasonable to me.  (Perhaps we
could log some kind of complaint in this case, though the easy places
to put in such a message would generate an unacceptably large number of
repetitions of the message :-()

But, when I put the trust line back with hostssl, I do not get connected 
as

per her original indication.


Please be clearer about what you mean here --- Jeanna *was* able to
connect in this case, if I'm not totally confused.


Sorry, Tom.  I should have been more clear.  I was trying to reproduce her 
problem by leaving ssl=off in the postgresql.conf (as if she didn't 
restart postgres after the pg_hba.conf change), to see if the hostssl line 
magically became a host line.  But, she later indicated that she saw the 
SSL encryption info in the psql line when she got connected with this 
method, so that kind of ruled that out.  See my later e-mail where I tried 
lots of different methods.


I suppose it's also possible there is a host all all 127.0.0.1/32 trust 
line later in the pg_hba.conf that it's falling through and hitting, but I 
think your .pgpass theory is the best.


--
Jeff 'Frosty' Frost - AFM #996 - Frost Consulting, LLC Racing
http://www.frostconsultingllc.com/ http://www.motonation.com/
http://www.suomy-usa.com/ http://www.motionpro.com/
http://www.motorexusa.com/ http://www.lockhartphillipsusa.com/
http://www.zoomzoomtrackdays.com/ http://www.braking.com/





---(end of broadcast)---
TIP 3: Have you checked our extensive FAQ?

  http://www.postgresql.org/docs/faq

Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues

[Jeff Frost]

On Tue, 26 Sep 2006, Jeff Frost wrote:

But, when I put the trust line back with hostssl, I do not get connected as 
per her original indication.  Of course this is with my 8.1.4 windows server 
and not 8.0.8.  Is it possible that 8.0.8 was more liberal with the hostssl 
vs host interpretation if ssl was disabled?


I also tried making it so the postgres user could not read the server.crt and 
server.key files and this yielded the same result:


C:\temp\pgsql\lib>..\bin\psql -h localhost -U postgres postgres
psql: FATAL:  no pg_hba.conf entry for host "127.0.0.1", user "postgres", 
database "postgres", SSL off


Can anyone think of an iteration I haven't tried?  I'll go reset the postgres 
user password to something I know and start the 8.0.8 server by hand 
momentarily.


Well, here's what happens with 8.0.8 server and 8.0.8 client.  I ran 
through as many iterations as I could think of, so this gets rather long. If 
you just want to skip to the bottom and see that Tom appears to have nailed 
the cause, that'll save you some reading. :-)


With proper server.crt and server.key, and ssl=true and this pg_hba.conf:

# TYPE DATABASE USER CIDR-ADDRESS METHOD
# IPv4 local connections:
#host all all 127.0.0.1/32 trust
# IPv6 local connections:
#host all all ::1/128 trust
hostssl all all 127.0.0.1/32 md5

I get:

C:\temp\pgsql\lib>..\bin\psql -h localhost -U postgres template1
Password:
Welcome to psql 8.0.8, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
   \h for help with SQL commands
   \? for help with psql commands
   \g or terminate with semicolon to execute query
   \q to quit

SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)

Warning: Console code page (437) differs from Windows code page (1252)
 8-bit characters may not work correctly. See psql reference
 page "Notes for Windows users" for details.

So that seems to work ok.  With ssl=false and the same settings above, I get:

C:\temp\pgsql\lib>..\bin\psql -h localhost -U postgres template1
psql: FATAL:  no pg_hba.conf entry for host "127.0.0.1", user "postgres", 
database "template1", SSL off


Also, as you would expect.

If postgres can't read server.key (with ssl=true), you get the following error 
when starting the postmaster (as expected):


C:\temp\pgsql\lib>"..\bin"\postmaster -D "../data"
FATAL:  could not load private key file "C:/temp/pgsql/lib/../data/server.key":
Input/output error

If postgres can read server.key (with ssl=true), but can't read server.crt you 
get the expected error:


C:\temp\pgsql\lib>"..\bin"\postmaster -D "../data" FATAL:  could not load 
server certificate file "C:/temp/pgsql/lib/../data/server.crt": Input/output 
error


Testing the pgpass theory of Tom's seems to make Tom the winner again.  I 
modified my %appdata%\postgresql\pgpass.conf and put a bad password in like 
so:


localhost:5432:*:postgres:p0stgres

I was then rewarded with the exact same error message Jeanna is receiving:

C:\temp\pgsql\lib>..\bin\psql -h localhost -U postgres template1
psql: FATAL:  no pg_hba.conf entry for host "127.0.0.1", user "postgres", 
database "template1", SSL off


Removing it and I'm back in business:

C:\temp\pgsql\lib>..\bin\psql -h localhost -U postgres template1
Password:
Welcome to psql 8.0.8, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
   \h for help with SQL commands
   \? for help with psql commands
   \g or terminate with semicolon to execute query
   \q to quit

SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)

Warning: Console code page (437) differs from Windows code page (1252)
 8-bit characters may not work correctly. See psql reference
 page "Notes for Windows users" for details.

template1=#

So, I'd say that's near definitive proof.  Jeanna, check your 
%appdata%\postgresql\pgpass.conf.  The default path for that would be 
something like this for my user jeff:


C:\Documents and Settings\jeff\Application Data\postgresql

BTW, looks like that's where pgadmin3 stores passwords (I was suprised to see 
a pgpass.conf full of various connection info before I realized pgadmin must 
be storing them here), so that's likely how you would've gotten the wrong one 
in there in the first place.


--
Jeff Frost, Owner   <[EMAIL PROTECTED]>
Frost Consulting, LLC   http://www.frostconsultingllc.com/
Phone: 650-780-7908 FAX: 650-649-1954


---(end of broadcast)---
TIP 9: In versions below 8.0, the planner will ignore your desire to
  choose an index scan if your joining column's datatypes do not
  match

Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues

[Jeff Frost]

On Tue, 26 Sep 2006, Tom Lane wrote:


Jeff Frost <[EMAIL PROTECTED]> writes:

Interestingly, I receive the same error when I disable SSL on the server:


If SSL is disabled then hostssl lines in pg_hba.conf effectively become
no-ops --- they can never be matched since no incoming connection will
be SSL-ified.  So that part of it sounds reasonable to me.  (Perhaps we
could log some kind of complaint in this case, though the easy places
to put in such a message would generate an unacceptably large number of
repetitions of the message :-()


But, when I put the trust line back with hostssl, I do not get connected as
per her original indication.


Please be clearer about what you mean here --- Jeanna *was* able to
connect in this case, if I'm not totally confused.


Sorry, Tom.  I should have been more clear.  I was trying to reproduce her 
problem by leaving ssl=off in the postgresql.conf (as if she didn't restart 
postgres after the pg_hba.conf change), to see if the hostssl line magically 
became a host line.  But, she later indicated that she saw the SSL encryption 
info in the psql line when she got connected with this method, so that kind of 
ruled that out.  See my later e-mail where I tried lots of different methods.


I suppose it's also possible there is a host all all 127.0.0.1/32 trust line 
later in the pg_hba.conf that it's falling through and hitting, but I think 
your .pgpass theory is the best.


--
Jeff 'Frosty' Frost - AFM #996 - Frost Consulting, LLC Racing
http://www.frostconsultingllc.com/  http://www.motonation.com/
http://www.suomy-usa.com/   http://www.motionpro.com/
http://www.motorexusa.com/  http://www.lockhartphillipsusa.com/
http://www.zoomzoomtrackdays.com/   http://www.braking.com/


---(end of broadcast)---
TIP 2: Don't 'kill -9' the postmaster

Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues

[Tom Lane]

Jeff Frost <[EMAIL PROTECTED]> writes:
> Interestingly, I receive the same error when I disable SSL on the server:

If SSL is disabled then hostssl lines in pg_hba.conf effectively become
no-ops --- they can never be matched since no incoming connection will
be SSL-ified.  So that part of it sounds reasonable to me.  (Perhaps we
could log some kind of complaint in this case, though the easy places
to put in such a message would generate an unacceptably large number of
repetitions of the message :-()

> But, when I put the trust line back with hostssl, I do not get connected as 
> per her original indication.

Please be clearer about what you mean here --- Jeanna *was* able to
connect in this case, if I'm not totally confused.

regards, tom lane

---(end of broadcast)---
TIP 6: explain analyze is your friend

Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues

[Jeff Frost]

On Tue, 26 Sep 2006, Tom Lane wrote:


Jeff Frost <[EMAIL PROTECTED]> writes:

Do you remember if the problem was on the 8.0.8 server side that caused the
lack of prompting?


No, I'm pretty sure it was a client-side issue (and I thought we'd fixed
it by 8.0.8 anyway, so I'm glad to see your test agrees).

Jeanna, do you maybe have a pgpass file or something else that would
short-circuit the password prompt?  It could be that your problem boils
down to supplying the wrong password behind-the-scenes.


Interestingly, I receive the same error when I disable SSL on the server:

C:\temp\pgsql\lib>..\bin\psql -h localhost -U postgres postgres
psql: FATAL:  no pg_hba.conf entry for host "127.0.0.1", user "postgres", 
database "postgres", SSL off


But, when I put the trust line back with hostssl, I do not get connected as 
per her original indication.  Of course this is with my 8.1.4 windows server 
and not 8.0.8.  Is it possible that 8.0.8 was more liberal with the hostssl 
vs host interpretation if ssl was disabled?


I also tried making it so the postgres user could not read the server.crt and 
server.key files and this yielded the same result:


C:\temp\pgsql\lib>..\bin\psql -h localhost -U postgres postgres
psql: FATAL:  no pg_hba.conf entry for host "127.0.0.1", user "postgres", 
database "postgres", SSL off


Can anyone think of an iteration I haven't tried?  I'll go reset the postgres 
user password to something I know and start the 8.0.8 server by hand 
momentarily.


--
Jeff Frost, Owner   <[EMAIL PROTECTED]>
Frost Consulting, LLC   http://www.frostconsultingllc.com/
Phone: 650-780-7908 FAX: 650-649-1954


---(end of broadcast)---
TIP 4: Have you searched our list archives?

  http://archives.postgresql.org

Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues

[Tom Lane]

Jeff Frost <[EMAIL PROTECTED]> writes:
> Do you remember if the problem was on the 8.0.8 server side that caused the 
> lack of prompting?

No, I'm pretty sure it was a client-side issue (and I thought we'd fixed
it by 8.0.8 anyway, so I'm glad to see your test agrees).

Jeanna, do you maybe have a pgpass file or something else that would
short-circuit the password prompt?  It could be that your problem boils
down to supplying the wrong password behind-the-scenes.

regards, tom lane

---(end of broadcast)---
TIP 1: if posting/reading through Usenet, please send an appropriate
   subscribe-nomail command to [EMAIL PROTECTED] so that your
   message can get through to the mailing list cleanly

Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues

[Jeff Frost]

On Tue, 26 Sep 2006, Jeff Frost wrote:


As for Jeanna's problem, I don't see any password prompt at all in her
example.  I've forgotten the details, but wasn't there a password
prompting problem with 8.0.x on Windows?



It worked great with 8.1.4.  Let me download 8.0.8 and try that on Windows 
since that appears to be what she's using.  More later.


Looks like the windows 8.0.8 psql worked fine against my running windows 
8.1.4 server:


C:\temp\pgsql\lib>..\bin\psql -h localhost -U postgres postgres
Password:
Welcome to psql 8.0.8, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
   \h for help with SQL commands
   \? for help with psql commands
   \g or terminate with semicolon to execute query
   \q to quit

SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)

Warning: Console code page (437) differs from Windows code page (1252)
 8-bit characters may not work correctly. See psql reference
 page "Notes for Windows users" for details.

postgres=#

Do you remember if the problem was on the 8.0.8 server side that caused the 
lack of prompting?


--
Jeff 'Frosty' Frost - AFM #996 - Frost Consulting, LLC Racing
http://www.frostconsultingllc.com/  http://www.motonation.com/
http://www.suomy-usa.com/   http://www.motionpro.com/
http://www.motorexusa.com/  http://www.lockhartphillipsusa.com/
http://www.zoomzoomtrackdays.com/   http://www.braking.com/


---(end of broadcast)---
TIP 1: if posting/reading through Usenet, please send an appropriate
  subscribe-nomail command to [EMAIL PROTECTED] so that your
  message can get through to the mailing list cleanly

Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues

[Jeff Frost]

On Tue, 26 Sep 2006, Tom Lane wrote:


"Jeanna Geier" <[EMAIL PROTECTED]> writes:

[ hostssl works with 'trust' but not 'md5' ]
It's only when I change the connection method to 'md5' that I'm running into
problems -- then I cannot connect from pgadmin or the command line.



As for Jeanna's problem, I don't see any password prompt at all in her
example.  I've forgotten the details, but wasn't there a password
prompting problem with 8.0.x on Windows?



It worked great with 8.1.4.  Let me download 8.0.8 and try that on Windows 
since that appears to be what she's using.  More later.


---(end of broadcast)---
TIP 4: Have you searched our list archives?

  http://archives.postgresql.org

Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues

[Jeff Frost]

On Tue, 26 Sep 2006, Jeff Frost wrote:

It seems that for some reason either your server or your client are not 
trying to use SSL.  Note the: "SSL off" in the error message you received. 
Do you have a server.crt in the data directory of the postgres server?




I guess I should have also asked if you have the

ssl = true

in postgresql.conf?

---
Jeff Frost, Owner   <[EMAIL PROTECTED]>
Frost Consulting, LLC   http://www.frostconsultingllc.com/
Phone: 650-780-7908 FAX: 650-649-1954


---(end of broadcast)---
TIP 2: Don't 'kill -9' the postmaster

Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues

[Tom Lane]

"Jeanna Geier" <[EMAIL PROTECTED]> writes:
> [ hostssl works with 'trust' but not 'md5' ]
> It's only when I change the connection method to 'md5' that I'm running into 
> problems -- then I cannot connect from pgadmin or the command line.

I experimented with this using CVS HEAD, and found that SSL+md5 works
fine as long as I enter the correct password ... but if I give a wrong
password I get

$ psql -h localhost regression
Password:
psql: FATAL:  no pg_hba.conf entry for host "127.0.0.1", user "tgl", database 
"regression", SSL off
$

which is at best pretty misleading :-(.  I think libpq is probably
mishandling the "bad password" error and concluding that it should fall
back to a non-SSL connection, which the server then rejects.  Will look
into it.

As for Jeanna's problem, I don't see any password prompt at all in her
example.  I've forgotten the details, but wasn't there a password
prompting problem with 8.0.x on Windows?

regards, tom lane

---(end of broadcast)---
TIP 9: In versions below 8.0, the planner will ignore your desire to
   choose an index scan if your joining column's datatypes do not
   match

Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues

[Jeff Frost]

On Tue, 26 Sep 2006, Jeanna Geier wrote:

Yes, I have ssl=true in postgresql.conf. (password encryption is commented 
out - is that OK?: #password_encryption = true)


Also, yes, server.crt is in the 'data' directory of my postgres server, as is 
server.key.


And, yes, when I am able to start Postgres (when using 'trust' in the 
pg_hba.conf file vs. 'md5'), I do so the 'SSL connection' line:


It's only when I change the connection method to 'md5' that I'm running into 
problems -- then I cannot connect from pgadmin or the command line.




I just went through setting up SSL on the windows postgresql server and here 
are two other things to check:


Did you restart the postgresql service after making the changes?  (I'm not 
sure how to issue a reload with the windows version.)


Also, did you make sure that server.crt and server.key are accessible for read 
by the account under which the postgresql service is running?


After verifying both of those, I got a working SSL connection under windows:

C:\Program Files\PostgreSQL\8.1\bin>psql -U postgres postgres
Password for user postgres:
Welcome to psql 8.1.4, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
   \h for help with SQL commands
   \? for help with psql commands
   \g or terminate with semicolon to execute query
   \q to quit

SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)

Warning: Console code page (437) differs from Windows code page (1252)
 8-bit characters may not work correctly. See psql reference
 page "Notes for Windows users" for details.

postgres=#


--
Jeff Frost, Owner   <[EMAIL PROTECTED]>
Frost Consulting, LLC   http://www.frostconsultingllc.com/
Phone: 650-780-7908 FAX: 650-649-1954


---(end of broadcast)---
TIP 5: don't forget to increase your free space map settings

Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues

[Jeanna Geier]

Hi Jeff-

Thanks so much for the reply.

Yes, I have ssl=true in postgresql.conf. (password encryption is commented 
out - is that OK?: #password_encryption = true)


Also, yes, server.crt is in the 'data' directory of my postgres server, as 
is server.key.


And, yes, when I am able to start Postgres (when using 'trust' in the 
pg_hba.conf file vs. 'md5'), I do so the 'SSL connection' line:


   C:\msys\1.0\local\pgsql\bin>psql -d apt -U postgres
   Welcome to psql 8.0.8, the PostgreSQL interactive terminal.

   Type:  \copyright for distribution terms
  \h for help with SQL commands
  \? for help with psql commands
  \g or terminate with semicolon to execute query
  \q to quit

   SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)

   Warning: Console code page (437) differs from Windows code page (1252)
8-bit characters may not work correctly. See psql reference
page "Notes for Windows users" for details.

   apt=#

It's only when I change the connection method to 'md5' that I'm running into 
problems -- then I cannot connect from pgadmin or the command line.


Thanks,
-Jeanna

- Original Message - 
From: "Jeff Frost" <[EMAIL PROTECTED]>

To: "Jeanna Geier" <[EMAIL PROTECTED]>
Cc: 
Sent: Tuesday, September 26, 2006 10:05 AM
Subject: Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues



On Tue, 26 Sep 2006, Jeff Frost wrote:

It seems that for some reason either your server or your client are not 
trying to use SSL.  Note the: "SSL off" in the error message you 
received. Do you have a server.crt in the data directory of the postgres 
server?




I guess I should have also asked if you have the

ssl = true

in postgresql.conf?

---
Jeff Frost, Owner   <[EMAIL PROTECTED]>
Frost Consulting, LLC   http://www.frostconsultingllc.com/
Phone: 650-780-7908 FAX: 650-649-1954


---(end of broadcast)---
TIP 2: Don't 'kill -9' the postmaster




---(end of broadcast)---
TIP 9: In versions below 8.0, the planner will ignore your desire to
  choose an index scan if your joining column's datatypes do not
  match

Re: [ADMIN] pg_hba.conf: 'trust' vs. 'md5' Issues

[Jeff Frost]

On Tue, 26 Sep 2006, Jeanna Geier wrote:


Hi All-

If I change the hostssl line to: hostssl all all 127.0.0.1/32 md5, restart 
the server, and attempt to connect via pgadmin, I see the message 'Connecting 
to the database... Failed.'  If I attempt to connect to a database using the 
command line:

   C:\msys\1.0\local\pgsql\bin>psql -d apt -U postgres
   Password:
   psql: FATAL:  no pg_hba.conf entry for host "127.0.0.1", user "postgres", 
database "apt", SSL off

   C:\msys\1.0\local\pgsql\bin>



Jeanna,

It seems that for some reason either your server or your client are not trying 
to use SSL.  Note the: "SSL off" in the error message you received.  Do you 
have a server.crt in the data directory of the postgres server?


When you have the hostssl line set for trust, do you get something like this 
when you connect with psql:


Welcome to psql 8.0.8, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
   \h for help with SQL commands
   \? for help with psql commands
   \g or terminate with semicolon to execute query
   \q to quit

SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)

Or are you missing the SSL connection line?

--
Jeff 'Frosty' Frost - AFM #996 - Frost Consulting, LLC Racing
http://www.frostconsultingllc.com/  http://www.motonation.com/
http://www.suomy-usa.com/   http://www.motionpro.com/
http://www.motorexusa.com/  http://www.lockhartphillipsusa.com/
http://www.zoomzoomtrackdays.com/   http://www.braking.com/


---(end of broadcast)---
TIP 4: Have you searched our list archives?

  http://archives.postgresql.org

Re: [ADMIN] pg_hba.conf includes

[Adam Fernie]

Hi,

I understand how the subnetting works.  What I had problems with was
putting more than one IP address / hostname into the include file.

If my include file looks like so...

1.2.3.4

Then it works fine

If the include file looks like this...

1.2.3.4
1.2.3.5

Then it doesn't work (for either address) and I get an error like...
psql: FATAL:  missing or erroneous pg_hba.conf file

Hope someone can help here...


Adam

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Richard Broersma
Jr
Sent: 07 August 2006 14:58
To: Adam Fernie; pgsql-admin@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf includes

> hostdbname  all @myhosts 255.255.255.255 md5
> 
> If I put a single ip or hostname in the file it works a treat but I 
> don't know how to include more than 1 host or IP address is the file.
> Should it be comma seperated, newline for each file or something 
> different?

You can add additional lines for each IP. 

Or if all of your clients are on the same sub-network, then you can
alter your net mask in the above line to allow them. i.e.
<255.255.255.0>  So for example if your client is 191.168.1.100 and your
next mask is 255.255.255.0, then all ip like 192.168.1.* will be allowed
to connect.

Regards,

Richard Broersma Jr.



---(end of broadcast)---
TIP 3: Have you checked our extensive FAQ?

   http://www.postgresql.org/docs/faq



Scanned by Serendipity Interactive -  MYmailSAFE






Scanned by Serendipity Interactive -  MYmailSAFE


---(end of broadcast)---
TIP 1: if posting/reading through Usenet, please send an appropriate
   subscribe-nomail command to [EMAIL PROTECTED] so that your
   message can get through to the mailing list cleanly

Re: [ADMIN] pg_hba.conf includes

[Richard Broersma Jr]

> hostdbname  all @myhosts 255.255.255.255 md5
> 
> If I put a single ip or hostname in the file it works a treat but I
> don't know how to include more than 1 host or IP address is the file.
> Should it be comma seperated, newline for each file or something
> different?

You can add additional lines for each IP. 

Or if all of your clients are on the same sub-network, then you can alter your 
net mask in the
above line to allow them. i.e. <255.255.255.0>  So for example if your client 
is 191.168.1.100 and
your next mask is 255.255.255.0, then all ip like 192.168.1.* will be allowed 
to connect.

Regards,

Richard Broersma Jr.



---(end of broadcast)---
TIP 3: Have you checked our extensive FAQ?

   http://www.postgresql.org/docs/faq

Re: [ADMIN] pg_hba.conf + all + trust = Ident authentication failed for user "postgres"

[Andy Shellam]

To me it would suggest that pgSQL is not looking at the pg_hba.conf you
think it is - as it shouldn't prompt for a password when trust
authentication is set (it doesn't on my box when connecting via a socket.)

Also you mention that your listen_address looks like "#listen_addresses" -
in which case it's commented out, and so PG would *NOT* listen on TCP/IP, so
you shouldn't be able to connect using -h localhost - you should get
"connection refused".

I think you've got a case of duplicate config files on your system and PG is
looking at different files to the ones you're editing.

Might be worth running "find / -name pg_hba.conf" and "find / -name
postgresql.conf" to see where all the instances of your config files lie.

Something's not quite right...

Andy

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ow
Sent: Monday, 06 March, 2006 1:59 PM
To: pgsql-admin@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf + all + trust = Ident authentication failed
for user "postgres"


In postgresql.conf I have "#listen_addresses = 'localhost'" and I am logged
in
directly into the box, without telnet, ssh or whatever.

But "psql -U postgres -h localhost" DID WORK (after I entered the password)
and
that's a big step forward, thanks.

I'm still not sure why I needed to enter the password, though... my idea of
"trust" is somewhat different...


--- Andy Shellam <[EMAIL PROTECTED]> wrote:

> No you're right, there shouldn't be anything in pg_ident.conf.
> 
> Check in your postgresql.conf file, and set "listen_interfaces" to *, so
it
> listens on TCP/IP (if not already.)
> 
> Then try connecting with "psql -U postgres -h localhost" and see if that
> lets you on.  Also check your postgresql.conf file is not forcing pgSQL to
> look elsewhere for your config files.
> 
> Andy
> 




__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---(end of broadcast)---
TIP 5: don't forget to increase your free space map settings

!DSPAM:14,440c406f49419332837813!




---(end of broadcast)---
TIP 6: explain analyze is your friend

Re: [ADMIN] pg_hba.conf + all + trust = Ident authentication failed

[Stephan Szabo]

On Mon, 6 Mar 2006, ow wrote:

> PostgreSQL 8.1.0 on i486-pc-linux-gnu, compiled by GCC cc (GCC) 4.0.3 2005
> (prerelease) (Debian 4.0.2-4)
>
>
> Hi,
>
> Can't get pg_hba.conf with trust to work:
>
>   [EMAIL PROTECTED]:~$ psql -U postgres
>   psql: FATAL:  Ident authentication failed for user "postgres"

Are you sure you're using the configuration below (ie, you're editing the
correct file and have at least used sighup after the change)?  It sure
looks like the server thinks the method is ident which would be the
default for the debian packages I think.

> Any ideas? Thanks in advance
>
> --
>
> $ cat pg_hba.conf
> # TYPE  DATABASEUSERCIDR-ADDRESS  METHOD
>
> # "local" is for Unix domain socket connections only
> local   all all   trust
> # IPv4 local connections:
> hostall all 127.0.0.1/32  trust
> # IPv6 local connections:
> hostall all ::1/128   trust
>
> --
>
>
> __
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> __
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> ---(end of broadcast)---
> TIP 9: In versions below 8.0, the planner will ignore your desire to
>choose an index scan if your joining column's datatypes do not
>match
>

---(end of broadcast)---
TIP 1: if posting/reading through Usenet, please send an appropriate
   subscribe-nomail command to [EMAIL PROTECTED] so that your
   message can get through to the mailing list cleanly

Re: [ADMIN] pg_hba.conf + all + trust = Ident authentication failed for user "postgres"

[ow]

In postgresql.conf I have "#listen_addresses = 'localhost'" and I am logged in
directly into the box, without telnet, ssh or whatever.

But "psql -U postgres -h localhost" DID WORK (after I entered the password) and
that's a big step forward, thanks.

I'm still not sure why I needed to enter the password, though... my idea of
"trust" is somewhat different...


--- Andy Shellam <[EMAIL PROTECTED]> wrote:

> No you're right, there shouldn't be anything in pg_ident.conf.
> 
> Check in your postgresql.conf file, and set "listen_interfaces" to *, so it
> listens on TCP/IP (if not already.)
> 
> Then try connecting with "psql -U postgres -h localhost" and see if that
> lets you on.  Also check your postgresql.conf file is not forcing pgSQL to
> look elsewhere for your config files.
> 
> Andy
> 




__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---(end of broadcast)---
TIP 5: don't forget to increase your free space map settings

Re: [ADMIN] pg_hba.conf + all + trust = Ident authentication failed for user "postgres"

[Andy Shellam]

No you're right, there shouldn't be anything in pg_ident.conf.

Check in your postgresql.conf file, and set "listen_interfaces" to *, so it
listens on TCP/IP (if not already.)

Then try connecting with "psql -U postgres -h localhost" and see if that
lets you on.  Also check your postgresql.conf file is not forcing pgSQL to
look elsewhere for your config files.

Andy

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ow
Sent: Monday, 06 March, 2006 1:21 PM
To: pgsql-admin@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf + all + trust = Ident authentication failed
for user "postgres"


No, pg_ident.conf is empty (i.e. contains only comments). My impression was
that with "trust" nothing was needed in pg_ident.conf, no?

Thanks


--- Andy Shellam <[EMAIL PROTECTED]> wrote:

> Does your pg_ident.conf contain anything with reference to testusr? As it
> seems to be trying Ident authentication over everything else and failing.
> 
> Andy
> 

---


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---(end of broadcast)---
TIP 1: if posting/reading through Usenet, please send an appropriate
   subscribe-nomail command to [EMAIL PROTECTED] so that your
   message can get through to the mailing list cleanly

!DSPAM:14,440c377449413902250303!




---(end of broadcast)---
TIP 5: don't forget to increase your free space map settings

Re: [ADMIN] pg_hba.conf + all + trust = Ident authentication failed for user "postgres"

[ow]

No, pg_ident.conf is empty (i.e. contains only comments). My impression was
that with "trust" nothing was needed in pg_ident.conf, no?

Thanks


--- Andy Shellam <[EMAIL PROTECTED]> wrote:

> Does your pg_ident.conf contain anything with reference to testusr? As it
> seems to be trying Ident authentication over everything else and failing.
> 
> Andy
> 

---


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---(end of broadcast)---
TIP 1: if posting/reading through Usenet, please send an appropriate
   subscribe-nomail command to [EMAIL PROTECTED] so that your
   message can get through to the mailing list cleanly

Re: [ADMIN] pg_hba.conf + all + trust = Ident authentication failed for user "postgres"

[Andy Shellam]

Does your pg_ident.conf contain anything with reference to testusr? As it
seems to be trying Ident authentication over everything else and failing.

Andy


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ow
Sent: Monday, 06 March, 2006 1:02 PM
To: pgsql-admin@postgresql.org
Subject: [ADMIN] pg_hba.conf + all + trust = Ident authentication failed for
user "postgres"

PostgreSQL 8.1.0 on i486-pc-linux-gnu, compiled by GCC cc (GCC) 4.0.3
2005
(prerelease) (Debian 4.0.2-4)


Hi,

Can't get pg_hba.conf with trust to work:

  [EMAIL PROTECTED]:~$ psql -U postgres
  psql: FATAL:  Ident authentication failed for user "postgres"

If I do "su postgres" and then "psql -U postgres" then it does work. But I
need
testusr to be able to use psql.

Installed "gidentd", rebooted psql but that did not seem to help.

Any ideas? Thanks in advance

--

$ cat pg_hba.conf
# TYPE  DATABASEUSERCIDR-ADDRESS  METHOD

# "local" is for Unix domain socket connections only
local   all all   trust
# IPv4 local connections:
hostall all 127.0.0.1/32  trust
# IPv6 local connections:
hostall all ::1/128   trust

--


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---(end of broadcast)---
TIP 9: In versions below 8.0, the planner will ignore your desire to
   choose an index scan if your joining column's datatypes do not
   match

!DSPAM:14,440c330a49416961194852!




---(end of broadcast)---
TIP 1: if posting/reading through Usenet, please send an appropriate
   subscribe-nomail command to [EMAIL PROTECTED] so that your
   message can get through to the mailing list cleanly

Re: [ADMIN] pg_hba.conf

[Andy Shellam]

Have you also changed your pg_ident.conf to map the user gowri to a 
database user, and does that database user exist in pgSQL?
By default 127.0.0.1 is set up as trust authentication, so if you 
haven't changed this, it will always let you through no matter what 
username/password you give.


Andy

Gowri Sivaraman wrote:

Hi,
  I am having problems with my connectivity for any of the users other 
than the post gres. Let me elaborate on the situation



I am using OSX and i have changed the pg_hba.conf file to reflect 
ident_authentication. I have attached my pg_hba.conf file. When i try 
connecting as a user i get the following error



Gowri-Sivaraman:~ gowri$ psql -h localhost gen3logger
psql: FATAL:  Ident authentication failed for user "gowri"


Even when i have given the user gowri trust authorization, it is not 
working. For some reason, it is recognizing local . when i connect 
using the host it is working. Can anybody let me know if i am missing 
something here



Gowri-Sivaraman:~ gowri$ psql -h 127.0.0.1 -U gowri template1
Welcome to psql 8.1.3, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
   \h for help with SQL commands
   \? for help with psql commands
   \g or terminate with semicolon to execute query
   \q to quit

SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)

template1=>




!DSPAM:14,440507c549411563562004!




Thanks
Gowri


!DSPAM:14,440507c549411563562004!



---(end of broadcast)---
TIP 9: In versions below 8.0, the planner will ignore your desire to
   choose an index scan if your joining column's datatypes do not
   match


!DSPAM:14,440507c549411563562004!
  


---(end of broadcast)---
TIP 6: explain analyze is your friend

Re: [ADMIN] pg_hba.conf setup

[Jeff Frost]

On Thu, 29 Sep 2005, Ben Sullins wrote:


I logged onto the linux box via ssh and edited the file by adding a line
in pg_hba.conf for my ip. I'm thinking it other lines above my new entry
could be affecting my access restrictions. Below are the lines in order
as they appear in pg_hba.conf. Any assistance will be most appreciated.


Ben,

Did you reload or restart the postmaster daemon after you made your changes?


From the docs:


The pg_hba.conf file is read on start-up and when the postmaster receives a 
SIGHUP signal. If you edit the file on an active system, you will need to 
signal the postmaster (using pg_ctl reload or kill -HUP) to make it re-read 
the file.


--
Jeff Frost, Owner   <[EMAIL PROTECTED]>
Frost Consulting, LLC   http://www.frostconsultingllc.com/
Phone: 650-780-7908 FAX: 650-649-1954

---(end of broadcast)---
TIP 5: don't forget to increase your free space map settings

Re: [ADMIN] pg_hba.conf

[Dick Davies]

* Tom Lane <[EMAIL PROTECTED]> [0218 15:18]:

> Perhaps easier would be to set "PGSSLMODE=allow" (or even "disable") in
> the client environment.  This will work for libpq-based clients; there
> may be something equivalent if you are using other software.

Thanks Tom, I'll give that a go.
 
> Also: why aren't you just using a Unix socket?  We never do SSL over
> Unix sockets.

As I said, it's set to 'trust' and restricted to a local group.

Also, the deletion/rebuilding of the socket causes the application to
lose the db connection, hopefully it will be more forgiving of a server
bounce over IP.

-- 
'Oh, wait you're serious. Let me laugh even harder.'
-- Bender
Rasputin :: Jack of All Trades - Master of Nuns

---(end of broadcast)---
TIP 6: Have you searched our list archives?

   http://archives.postgresql.org

Re: [ADMIN] pg_hba.conf

[Tom Lane]

Bruno Wolff III <[EMAIL PROTECTED]> writes:
> The host entry is the one that applies. But the host entry will allow either
> ssl or nonssl, so it doesn't do what you want without cooperation from the
> connecting client. You can use hostnossl to match without allowing ssl.
> You will also want to use a hostssl line with 'reject' authentication
> to keep the later rule from matching. I am not sure if all of the normal
> clients will fallback after trying ssl to not using ssl. That should be
> pretty easy to test though.

Perhaps easier would be to set "PGSSLMODE=allow" (or even "disable") in
the client environment.  This will work for libpq-based clients; there
may be something equivalent if you are using other software.

The important point here is that it's the client's choice whether to try
an SSL connection first or not, and libpq defaults to trying SSL first.
So unless you set up pg_hba.conf to actively reject SSL-based
connections, that's what you're going to get.

Also: why aren't you just using a Unix socket?  We never do SSL over
Unix sockets.

regards, tom lane

---(end of broadcast)---
TIP 6: Have you searched our list archives?

   http://archives.postgresql.org

Re: [ADMIN] pg_hba.conf

[Bruno Wolff III]

On Tue, Feb 22, 2005 at 11:56:41 +,
  Dick Davies <[EMAIL PROTECTED]> wrote:
> 
> Just needed clarification on how pg_hba.conf operates.
> Does a specific host take precedence over a more general network setting?

No. The first line that matches the triple connection type, database name
and user name is the one that is used. Typically you can get what you
want by using the narrower rule first.

> The local socket is only accessible to a certain group, but I don't want
> the overhead of SSL for loopback connections. If I connect to the server 
> from the local machine, the connections show up as (eg) 10.2.3.4, the NIC
> ip.
> 
> I was hoping the more specific 'host' entry would take entry over the 
> universal
> 'hostssl' entry, but it does'nt seem to...

The host entry is the one that applies. But the host entry will allow either
ssl or nonssl, so it doesn't do what you want without cooperation from the
connecting client. You can use hostnossl to match without allowing ssl.
You will also want to use a hostssl line with 'reject' authentication
to keep the later rule from matching. I am not sure if all of the normal
clients will fallback after trying ssl to not using ssl. That should be
pretty easy to test though.

> 
> I have this:
> 
> [EMAIL PROTECTED]:postgresql80-server$ cat /opt/pgsql/data/pg_hba.conf
> # TYPE DATABASEUSERIP-ADDRESS  METHOD
> local  all all trust
> hostall all 10.2.3.4/32   md5
> hostsslall all  0.0.0.0/0   md5
> 
> Is there a way to say 'all IP traffic should be encrypted except one IP' that
> I'm missing?
> 
> I know I could just add the local process into the dba group, but the app 
> doesn't 
> reconnect if the socket goes away on a db restart, so that's not ideal...
> 
> 
> -- 
> 'That question was less stupid; though you asked it in a profoundly stupid 
> way.'
>   -- Prof. Farnsworth
> Rasputin :: Jack of All Trades - Master of Nuns
> 
> ---(end of broadcast)---
> TIP 7: don't forget to increase your free space map settings

---(end of broadcast)---
TIP 6: Have you searched our list archives?

   http://archives.postgresql.org

Re: [ADMIN] pg_hba.conf

[Dick Davies]

* Donald Fraser <[EMAIL PROTECTED]> [0257 13:57]:
> If postgres has ssl enabled then it will by default negotiate to use ssl,
> regardless of the host or hostssl settings in pg_hba. Your client software
> needs to refuse ssl connections then it will fall back to a non-ssl
> connection so long as there exists a host setting in pg_hba. The hostssl
> setting in pg_hba means that it must use ssl to connect, where as the host
> setting in pg_hba can mean either or, depending on your client.
> 
> What client software are you using?

psql and ignorance :)- though it'll be ruby-postgres for the webapp.

Thanks for the explanation.
 

-- 
'This must be Thursday. I never could get the hang of Thursdays.'
-- Arthur Dent
Rasputin :: Jack of All Trades - Master of Nuns

---(end of broadcast)---
TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]

Re: [ADMIN] pg_hba.conf

[Donald Fraser]

If postgres has ssl enabled then it will by default negotiate to use ssl,
regardless of the host or hostssl settings in pg_hba. Your client software
needs to refuse ssl connections then it will fall back to a non-ssl
connection so long as there exists a host setting in pg_hba. The hostssl
setting in pg_hba means that it must use ssl to connect, where as the host
setting in pg_hba can mean either or, depending on your client.

What client software are you using?

Regards
Donald Fraser

- Original Message - 
From: "Dick Davies" <[EMAIL PROTECTED]>
To: "PostgreSQL Admin" 
Sent: Tuesday, February 22, 2005 1:26 PM
Subject: Re: [ADMIN] pg_hba.conf


> * K?PFERL Robert <[EMAIL PROTECTED]> [0228 12:28]:
> > According to the excelent doc, the _first_ matching entry will be used.
>
> If that were true, the below would work, surely?
>
> > C:\> I have this:
> > C:\>
> > C:\> [EMAIL PROTECTED]:postgresql80-server$ cat /opt/pgsql/data/pg_hba.conf
> > C:\> # TYPE DATABASEUSERIP-ADDRESS  METHOD
> > C:\> local  all all trust
> > C:\> hostall all 10.2.3.4/32   md5
> > C:\> hostsslall all  0.0.0.0/0   md5
>
> -- 
> 'Interesting. No, wait, the other thing - Tedious.'
> -- Bender
> Rasputin :: Jack of All Trades - Master of Nuns
>
> ---(end of broadcast)---
> TIP 5: Have you checked our extensive FAQ?
>
>http://www.postgresql.org/docs/faq
>


---(end of broadcast)---
TIP 6: Have you searched our list archives?

   http://archives.postgresql.org

Re: [ADMIN] pg_hba.conf

[Dick Davies]

* K?PFERL Robert <[EMAIL PROTECTED]> [0228 12:28]:
> According to the excelent doc, the _first_ matching entry will be used.

If that were true, the below would work, surely?
 
> C:\> I have this:
> C:\> 
> C:\> [EMAIL PROTECTED]:postgresql80-server$ cat /opt/pgsql/data/pg_hba.conf
> C:\> # TYPE DATABASEUSERIP-ADDRESS  METHOD
> C:\> local  all all trust
> C:\> hostall all 10.2.3.4/32   md5
> C:\> hostsslall all  0.0.0.0/0   md5

-- 
'Interesting. No, wait, the other thing - Tedious.'
-- Bender
Rasputin :: Jack of All Trades - Master of Nuns

---(end of broadcast)---
TIP 5: Have you checked our extensive FAQ?

   http://www.postgresql.org/docs/faq

Re: [ADMIN] pg_hba.conf

[KÖPFERL Robert]

According to the excelent doc, the _first_ matching entry will be used.

C:\> -Original Message-
C:\> From: Dick Davies [mailto:[EMAIL PROTECTED]
C:\> Sent: Dienstag, 22. Februar 2005 12:57
C:\> To: PostgreSQL Admin
C:\> Subject: [ADMIN] pg_hba.conf
C:\> 
C:\> 
C:\> 
C:\> Just needed clarification on how pg_hba.conf operates.
C:\> Does a specific host take precedence over a more general 
C:\> network setting?
C:\> 
C:\> The local socket is only accessible to a certain group, 
C:\> but I don't want
C:\> the overhead of SSL for loopback connections. If I connect 
C:\> to the server 
C:\> from the local machine, the connections show up as (eg) 
C:\> 10.2.3.4, the NIC
C:\> ip.
C:\> 
C:\> I was hoping the more specific 'host' entry would take 
C:\> entry over the universal
C:\> 'hostssl' entry, but it does'nt seem to...
C:\> 
C:\> I have this:
C:\> 
C:\> [EMAIL PROTECTED]:postgresql80-server$ cat /opt/pgsql/data/pg_hba.conf
C:\> # TYPE DATABASEUSERIP-ADDRESS  METHOD
C:\> local  all all trust
C:\> hostall all 10.2.3.4/32   md5
C:\> hostsslall all  0.0.0.0/0   md5
C:\> 
C:\> Is there a way to say 'all IP traffic should be encrypted 
C:\> except one IP' that
C:\> I'm missing?
C:\> 
C:\> I know I could just add the local process into the dba 
C:\> group, but the app doesn't 
C:\> reconnect if the socket goes away on a db restart, so 
C:\> that's not ideal...
C:\> 
C:\> 
C:\> -- 
C:\> 'That question was less stupid; though you asked it in a 
C:\> profoundly stupid way.'
C:\>-- Prof. Farnsworth
C:\> Rasputin :: Jack of All Trades - Master of Nuns
C:\> 
C:\> ---(end of 
C:\> broadcast)---
C:\> TIP 7: don't forget to increase your free space map settings
C:\> 

---(end of broadcast)---
TIP 9: the planner will ignore your desire to choose an index scan if your
  joining column's datatypes do not match

Re: [ADMIN] pg_hba.conf

[Jim Seymour]

<[EMAIL PROTECTED]> wrote:
> 
> Jim said:
> >>>
> Try changing the "10.29.15.0255.255.255.0" to "10.29.15.0/24", if
> you
> have a 7.4-series pgsql server, and see if that doesn't work.
> >>>
> 
> IT WORKED! Thanks so much Jim! I'm happily connected from home today...
> :)

It was a long shot, but it worked.  Very good :).

I'm curious, Lily, could you share with us just what operating system
and version/release the PostgreSQL server is running on?  And what
version of PostgreSQL is running on that server?  Reason I ask is that
the solution I presented has so far only been associated with some (?)
versions of pgsql running on some (?) versions of Sun Solaris.

(Note: I'm Cc'ing you again as last time you mentioned you weren't
getting the mailing list itself.)

Jim

---(end of broadcast)---
TIP 8: explain analyze is your friend

Re: [ADMIN] pg_hba.conf

[LSanchez]

Jim said:
>>>
Try changing the "10.29.15.0255.255.255.0" to "10.29.15.0/24", if
you
have a 7.4-series pgsql server, and see if that doesn't work.
>>>

IT WORKED! Thanks so much Jim! I'm happily connected from home today...
:)



-Original Message-
From: Sanchez, Lily 
Sent: Thursday, May 27, 2004 10:12 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ADMIN] pg_hba.conf

Hi Jim,

I apologize, but it seems that this is the first time that I received an
email from you, but I did receive some emails from others about this
issue, which I had been responding to. Or maybe, I'm not subscribed to
the mailing list? I'll check this out and fix it asap.

I will try what you suggested tonight, as soon as I get home.

Thanks so much for your help!

Regards,
- Lily Anne



-Original Message-
From: Jim Seymour [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 27, 2004 10:03 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [ADMIN] pg_hba.conf

(Note: Please do not copy me individually on posts to the mailing
list.  I do read the list and don't need two copies.  Thanks.)

(Note2: I did Cc: this to LSanchez as she's yet to respond to any of
my prior comments, so I begin to suspect she's not getting/reading
the mailing list traffic?)

> 
> Hi Mike,
> 
> That's exactly how I had mine setup all along:
> 
> host   all   all 10.29.15.0255.255.255.0trust
> 
> and it just doesn't work via VPN.

Then I would suggest the server isn't seeing you coming from
10.29.15.0 through 10.29.15.255.  Then again: There's been some kind
of bug (?) mentioned lately (only on [certain versions?] of Solaris?)
where "network netmask" doesn't appear to work properly.  Try
changing the "10.29.15.0255.255.255.0" to "10.29.15.0/24", if you
have a 7.4-series pgsql server, and see if that doesn't work.

Jim

---(end of broadcast)---
TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]

Re: [ADMIN] pg_hba.conf

[Mike G]

Thank you to all who replied with the additional info.
On Thu, May 27, 2004 at 09:35:06AM -0400, Tom Lane wrote:
> "C. Bensend" <[EMAIL PROTECTED]> writes:
> >> I had setup my pg_hba.conf originally like this:
> >> host   all all 10.15.0.0   255.255.255.0   trust
> >> 
> >> I was under the impression that the .0 was supposed to be equivalent to
> >> a wildcard entry so that any connection from 10.15 would be able to
> >> connect.  This was not so.  By changing my pg_hba.conf to this:
> 
> > Yes, when your subnet mask is set for a /24, that's correct.
> 
> To expand a bit: the correct way of letting in a /16 would be
> 
> host   all all 10.15.0.0   255.255.0.0   trust
> 
> In recent PG releases (7.4.*, not sure about 7.3) you could also write
> 
> host   all all 10.15.0.0/16   trust
> 
>   regards, tom lane

---(end of broadcast)---
TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]

Re: [ADMIN] pg_hba.conf

[Armstrong, Marc]

Mike,

I think if you set it up like this it would have worked as well:

host   all all 10.15.0.0   255.255.0.0   trust

Your netmask was telling it that the first three octets of the IP address
were significant.

Marc Armstrong - Webmaster - Danly IEM - 440-239-7607
[EMAIL PROTECTED] - [EMAIL PROTECTED]
AIM: marmstro2 - Jabber: [EMAIL PROTECTED]


-Original Message-
From: mike g [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 26, 2004 11:16 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [ADMIN] pg_hba.conf


Hello,

I finally got it to work and as some have mentioned it was not the
encryption level.

I had setup my pg_hba.conf originally like this:

host   all all 10.15.0.0   255.255.255.0   trust


I was under the impression that the .0 was supposed to be equivalent to a
wildcard entry so that any connection from 10.15 would be able to connect.
This was not so.  By changing my pg_hba.conf to this:

host   all all10.15.13.0  255.255.255.0trust

I was able to connect successfully.  The .0 works as a wildcard entry for
the last part but not the one prior.  


Hope that helps you.

Mike


On Wed, 2004-05-26 at 10:25, [EMAIL PROTECTED] wrote:
> Thanks so much! :)
> 
> -Original Message-
> From: Bruce Momjian [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, May 26, 2004 10:56 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: Re: [ADMIN] pg_hba.conf
> 
> [EMAIL PROTECTED] wrote:
> > Thanks Mike!
> > 
> > Do you know if pgSQL will be supporting higher level of encryption 
> > in the near future? Most of us here at Ameritrade work from home via 
> > VPN.
> 
> 
> We support SSL so you don't need VPN encryption.  However, we should 
> work with whatever VPN encryption you are already using too.

---(end of broadcast)---
TIP 5: Have you checked our extensive FAQ?

   http://www.postgresql.org/docs/faqs/FAQ.html


The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.  If you received
this in error, please contact the sender and delete the material from any
computer.

---(end of broadcast)---
TIP 6: Have you searched our list archives?

   http://archives.postgresql.org

Re: [ADMIN] pg_hba.conf

[LSanchez]

Hi Jim,

I apologize, but it seems that this is the first time that I received an
email from you, but I did receive some emails from others about this
issue, which I had been responding to. Or maybe, I'm not subscribed to
the mailing list? I'll check this out and fix it asap.

I will try what you suggested tonight, as soon as I get home.

Thanks so much for your help!

Regards,
- Lily Anne



-Original Message-
From: Jim Seymour [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 27, 2004 10:03 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [ADMIN] pg_hba.conf

(Note: Please do not copy me individually on posts to the mailing
list.  I do read the list and don't need two copies.  Thanks.)

(Note2: I did Cc: this to LSanchez as she's yet to respond to any of
my prior comments, so I begin to suspect she's not getting/reading
the mailing list traffic?)

> 
> Hi Mike,
> 
> That's exactly how I had mine setup all along:
> 
> host   all   all 10.29.15.0255.255.255.0trust
> 
> and it just doesn't work via VPN.

Then I would suggest the server isn't seeing you coming from
10.29.15.0 through 10.29.15.255.  Then again: There's been some kind
of bug (?) mentioned lately (only on [certain versions?] of Solaris?)
where "network netmask" doesn't appear to work properly.  Try
changing the "10.29.15.0255.255.255.0" to "10.29.15.0/24", if you
have a 7.4-series pgsql server, and see if that doesn't work.

Jim

---(end of broadcast)---
TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]

Re: [ADMIN] pg_hba.conf

[Jim Seymour]

(Note: Please do not copy me individually on posts to the mailing
list.  I do read the list and don't need two copies.  Thanks.)

(Note2: I did Cc: this to LSanchez as she's yet to respond to any of
my prior comments, so I begin to suspect she's not getting/reading
the mailing list traffic?)

> 
> Hi Mike,
> 
> That's exactly how I had mine setup all along:
> 
> host   all   all 10.29.15.0255.255.255.0trust
> 
> and it just doesn't work via VPN.

Then I would suggest the server isn't seeing you coming from
10.29.15.0 through 10.29.15.255.  Then again: There's been some kind
of bug (?) mentioned lately (only on [certain versions?] of Solaris?)
where "network netmask" doesn't appear to work properly.  Try
changing the "10.29.15.0255.255.255.0" to "10.29.15.0/24", if you
have a 7.4-series pgsql server, and see if that doesn't work.

Jim

---(end of broadcast)---
TIP 7: don't forget to increase your free space map settings

Re: [ADMIN] pg_hba.conf

[LSanchez]

Hi Mike,

That's exactly how I had mine setup all along:

host   all   all 10.29.15.0255.255.255.0trust

and it just doesn't work via VPN.

Thanks,
- Lily Anne



-Original Message-
From: mike g [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 26, 2004 11:16 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [ADMIN] pg_hba.conf

Hello,

I finally got it to work and as some have mentioned it was not the
encryption level.

I had setup my pg_hba.conf originally like this:

host   all all 10.15.0.0   255.255.255.0   trust


I was under the impression that the .0 was supposed to be equivalent to
a wildcard entry so that any connection from 10.15 would be able to
connect.  This was not so.  By changing my pg_hba.conf to this:

host   all all10.15.13.0  255.255.255.0trust

I was able to connect successfully.  The .0 works as a wildcard entry
for the last part but not the one prior.  


Hope that helps you.

Mike


On Wed, 2004-05-26 at 10:25, [EMAIL PROTECTED] wrote:
> Thanks so much! :)
> 
> -Original Message-
> From: Bruce Momjian [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, May 26, 2004 10:56 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: Re: [ADMIN] pg_hba.conf
> 
> [EMAIL PROTECTED] wrote:
> > Thanks Mike!
> > 
> > Do you know if pgSQL will be supporting higher level of encryption
in
> > the near future? Most of us here at Ameritrade work from home via
VPN.
> 
> 
> We support SSL so you don't need VPN encryption.  However, we should
> work with whatever VPN encryption you are already using too.

---(end of broadcast)---
TIP 4: Don't 'kill -9' the postmaster

Re: [ADMIN] pg_hba.conf

[Tom Lane]

"C. Bensend" <[EMAIL PROTECTED]> writes:
>> I had setup my pg_hba.conf originally like this:
>> host   all all 10.15.0.0   255.255.255.0   trust
>> 
>> I was under the impression that the .0 was supposed to be equivalent to
>> a wildcard entry so that any connection from 10.15 would be able to
>> connect.  This was not so.  By changing my pg_hba.conf to this:

> Yes, when your subnet mask is set for a /24, that's correct.

To expand a bit: the correct way of letting in a /16 would be

host   all all 10.15.0.0   255.255.0.0   trust

In recent PG releases (7.4.*, not sure about 7.3) you could also write

host   all all 10.15.0.0/16   trust

regards, tom lane

---(end of broadcast)---
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])

Re: [ADMIN] pg_hba.conf

[C. Bensend]

> I had setup my pg_hba.conf originally like this:
>
> host   all all 10.15.0.0   255.255.255.0   trust
>
>
> I was under the impression that the .0 was supposed to be equivalent to
> a wildcard entry so that any connection from 10.15 would be able to
> connect.  This was not so.  By changing my pg_hba.conf to this:
>
> host   all all10.15.13.0  255.255.255.0trust
>
> I was able to connect successfully.  The .0 works as a wildcard entry
> for the last part but not the one prior.

Yes, when your subnet mask is set for a /24, that's correct.

Your first attempt above allowed connections for anything in the
10.15.0/24 subnet (which 10.15.13 is not a part of).

Benny


-- 
"Oh, the Jedis are going to feel this one!"   -- Professor Farnsworth,
 "Futurama"

---(end of broadcast)---
TIP 5: Have you checked our extensive FAQ?

   http://www.postgresql.org/docs/faqs/FAQ.html

Re: [ADMIN] pg_hba.conf

[mike g]

Hello,

I finally got it to work and as some have mentioned it was not the
encryption level.

I had setup my pg_hba.conf originally like this:

host   all all 10.15.0.0   255.255.255.0   trust


I was under the impression that the .0 was supposed to be equivalent to
a wildcard entry so that any connection from 10.15 would be able to
connect.  This was not so.  By changing my pg_hba.conf to this:

host   all all10.15.13.0  255.255.255.0trust

I was able to connect successfully.  The .0 works as a wildcard entry
for the last part but not the one prior.  


Hope that helps you.

Mike


On Wed, 2004-05-26 at 10:25, [EMAIL PROTECTED] wrote:
> Thanks so much! :)
> 
> -Original Message-
> From: Bruce Momjian [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, May 26, 2004 10:56 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: Re: [ADMIN] pg_hba.conf
> 
> [EMAIL PROTECTED] wrote:
> > Thanks Mike!
> > 
> > Do you know if pgSQL will be supporting higher level of encryption in
> > the near future? Most of us here at Ameritrade work from home via VPN.
> 
> 
> We support SSL so you don't need VPN encryption.  However, we should
> work with whatever VPN encryption you are already using too.

---(end of broadcast)---
TIP 5: Have you checked our extensive FAQ?

   http://www.postgresql.org/docs/faqs/FAQ.html

Re: [ADMIN] pg_hba.conf

[Chris Browne]

[EMAIL PROTECTED] (mike g) writes:
> I believe I found my problem.  The Cisco VPN client I use encrypts data
> at a 168 bit level.  Postgres only supports up to 128 bit correct?

That ought to be entirely irrelevant, as your VPN client would encrypt
all data going across the network, encrypted or not.  Indeed, if the
VPN is encrypting the data, it is redundant to have the database
server encrypt it an extra time.  

That will just make things perform poorly.

And if you have some network configuration problem, adding in extra
layers of encryption is unlikely to make it easier to solve the
problem...
-- 
(reverse (concatenate 'string "gro.mca" "@" "enworbbc"))
http://cbbrowne.com/info/linux.html
Howe's Law:
Everyone has a scheme that will not work.

---(end of broadcast)---
TIP 8: explain analyze is your friend

Re: [ADMIN] pg_hba.conf

[Jim Seymour]

Note: Please do NOT Cc: me on replies to the mailing list.  I read the
mailing list.  One copy of your comments is sufficient.  Thank you.

> 
> Thanks Mike!
> 
> Do you know if pgSQL will be supporting higher level of encryption in
> the near future? Most of us here at Ameritrade work from home via VPN.=20

As I told "mike g": pgsql's encryption has *nothing* to do with your
VPN's encryption.  I'm running a sort of a VPN, using port-
forwarding over OpenSSH.  In fact, from work just now...

>From an xterm...
$ ssh -C -c blowfish -2 -L 57001:athome.example.com:5432 athome.example.com

What that command says is to do an SSH login to athome.example.com
and port-forward port 57001 on the local machine to port 5432 on
athome.example.com.  The "-C" says to use data compression on the
session.  The "-c blowfish" says to encrypt the session using the
Blowfish encryption algorithm.

>From another xterm...
$ psql -h 127.0.0.1 -p 57001
Password: 
Welcome to psql 7.4.2, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
   \h for help with SQL commands
   \? for help on internal slash commands
   \g or terminate with semicolon to execute query
   \q to quit

jseymour=> 

That is the pgsql server on my machine at home.

Now, in my case, it's simplified in that what pgsql sees coming in is
a connection from its own server (localhost), because the connection
is port-forwarded by SSH, rather than routed over a VPN route.  But
that's just a technicality.  The point I'm trying to make is that
pgsql doesn't care, doesn't even *know*, what the VPN connection
uses for encryption--or even that it *is* encrypted.  (Much-less that
my SSH connection travels through an application proxy firewall, 
a NAT'd router, and the Lord knows how many routers and other network
equipment on the way.)

Jim

---(end of broadcast)---
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])

Re: [ADMIN] pg_hba.conf

[LSanchez]

Thanks so much! :)

-Original Message-
From: Bruce Momjian [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 26, 2004 10:56 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Re: [ADMIN] pg_hba.conf

[EMAIL PROTECTED] wrote:
> Thanks Mike!
> 
> Do you know if pgSQL will be supporting higher level of encryption in
> the near future? Most of us here at Ameritrade work from home via VPN.


We support SSL so you don't need VPN encryption.  However, we should
work with whatever VPN encryption you are already using too.

-- 
  Bruce Momjian|  http://candle.pha.pa.us
  [EMAIL PROTECTED]   |  (610) 359-1001
  +  If your life is a hard drive, |  13 Roberts Road
  +  Christ can be your backup.|  Newtown Square, Pennsylvania
19073

---(end of broadcast)---
TIP 6: Have you searched our list archives?

   http://archives.postgresql.org

Re: [ADMIN] pg_hba.conf

[Bruno Wolff III]

On Wed, May 26, 2004 at 10:27:41 -0400,
  [EMAIL PROTECTED] wrote:
> Thanks Mike!
> 
> Do you know if pgSQL will be supporting higher level of encryption in
> the near future? Most of us here at Ameritrade work from home via VPN. 

The client can use ssl. That supports 128 bit keys which is plenty.
Any adversary that has the resources to brute force a 128bit key has
the resources to do black bag jobs for a lower cost. If there are other
weaknesses besides brute force attacks, increasing the key size alone
isn't going to magicly make things better.

What kinds of threats are you trying to protect against? If you are using
an encrypted link already, using ssl isn't going to add much security.

Just allowing people to connect to the database directly is a significant
risk. It is made worse by letting people do it home where the machines
may not be safely operated by the users, which are not physically secured
and for which maitainance is harder (or not being done by the company).

If you are worried about people stealing hardware with information on it,
you should be considering better physical security, proper procedures
for destroying old media and consider using encrypted file systems.

If you are looking for ideas for how to hide information from authroized
users of a database while letting them use it for some things, Peter Wayner's
book Translucent Databases might be of some interest.

> -Original Message-
> From: mike g [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, May 26, 2004 12:51 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: [ADMIN] pg_hba.conf
> 
> Hello,
> 
> I believe I found my problem.  The Cisco VPN client I use encrypts data
> at a 168 bit level.  Postgres only supports up to 128 bit correct?
> 
> Mike

---(end of broadcast)---
TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]

Re: [ADMIN] pg_hba.conf

[Bruce Momjian]

[EMAIL PROTECTED] wrote:
> Thanks Mike!
> 
> Do you know if pgSQL will be supporting higher level of encryption in
> the near future? Most of us here at Ameritrade work from home via VPN. 

We support SSL so you don't need VPN encryption.  However, we should
work with whatever VPN encryption you are already using too.

-- 
  Bruce Momjian|  http://candle.pha.pa.us
  [EMAIL PROTECTED]   |  (610) 359-1001
  +  If your life is a hard drive, |  13 Roberts Road
  +  Christ can be your backup.|  Newtown Square, Pennsylvania 19073

---(end of broadcast)---
TIP 4: Don't 'kill -9' the postmaster

Re: [ADMIN] pg_hba.conf

[LSanchez]

Thanks Mike!

Do you know if pgSQL will be supporting higher level of encryption in
the near future? Most of us here at Ameritrade work from home via VPN. 


-Original Message-
From: mike g [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 26, 2004 12:51 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [ADMIN] pg_hba.conf

Hello,

I believe I found my problem.  The Cisco VPN client I use encrypts data
at a 168 bit level.  Postgres only supports up to 128 bit correct?

Mike

On Tue, 2004-05-25 at 23:12, mike g wrote:
> Hmm
> 
> Looks like I am still in the same boat you are.
> 
> I still cannot log into my db over a VPN connection using pgadminIII.
> 
> Everytime I try and connect I get a "Server terminated connection
> unexpectedly error".
> 
> I originally received the pg_hba.conf entry complaint as well but
after
> adding and restarting the system the above is all I get.
> 
> I tried specifying pgadmin to prefer SSL connection, and changed
> pg_hba.conf entry to expect SSL from my VPN connection entry.
> 
> 
> On Tue, 2004-05-25 at 08:42, [EMAIL PROTECTED] wrote:
> > Thanks Mike!
> > 
> > I already specified the IP address that was specified by my VPN
> > connection. I read through the docs and found nothing about anything
> > special with VPN connections.
> > 
> > Regards,
> > - Lily Anne
> > 
> > -Original Message-
> > From: Mike G [mailto:[EMAIL PROTECTED] 
> > Sent: Monday, May 24, 2004 10:23 PM
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: Re: [ADMIN] pg_hba.conf
> > 
> > Your ip address range is probably different when connecting via a
VPN
> > rather than in the office.  By default postgres will not allow
> > connections from other locations even if tcpip_socket is true
without
> > specifying an ip address range, database etc.
> > 
> > Checkout the docs.  There is a section on pg_hba.conf.
> > 
> > Mike
> > 
> > On Mon, May 24, 2004 at 01:02:12PM -0400, [EMAIL PROTECTED]
wrote:
> > > Yes I can ping the server if not connected via VPN. 
> > > 
> > > I'm using EMS PostgreSQL Manager, which works if not via VPN. 
> > > 
> > > Yes, postgresql.conf's tcpip_socket = true.
> > > 
> > > The log says: FATAL: No pg_hba.conf entry for host 10.29.15.113,
user
> > > postgres, database TEST.
> > > 
> > > Thanks for your help!
> > > 
> > > Regards,
> > > - Lily Anne
> > > 
> > > 
> > > -Original Message-
> > > From: Robert Treat [mailto:[EMAIL PROTECTED] 
> > > Sent: Friday, May 21, 2004 8:04 PM
> > > To: [EMAIL PROTECTED]
> > > Cc: [EMAIL PROTECTED]
> > > Subject: Re: [ADMIN] pg_hba.conf
> > > 
> > > can you ping the server that postgresql is living on?  or maybe
your 
> > > misrepresenting the error message...  what program are you using
to
> > try
> > > and 
> > > connect? can you verify that tcpip_sockets is turned on the
server?
> > > also, if 
> > > it is a database problem there will be an exact error message
being
> > > reported 
> > > in the logs of type FATAL, can you send us that?
> > > 
> > > Robert Treat
> > > 
> > > On Friday 21 May 2004 17:01, [EMAIL PROTECTED] wrote:
> > > > Thanks Robert!
> > > >
> > > > I did that as well and still didn't work. Any other ideas?
> > > >
> > > > -Original Message-
> > > > From: Robert Treat [mailto:[EMAIL PROTECTED]
> > > > Sent: Friday, May 21, 2004 4:41 PM
> > > > To: [EMAIL PROTECTED]
> > > > Cc: [EMAIL PROTECTED]
> > > > Subject: Re: [ADMIN] pg_hba.conf
> > > >
> > > > On Thu, 2004-05-20 at 19:52, [EMAIL PROTECTED] wrote:
> > > > > I'm trying to access our test postgreSQL server via VPN and
even
> > > >
> > > > though
> > > >
> > > > > I already setup the host for the vpn's ip address, I'm still
> > getting
> > > >
> > > > an
> > > >
> > > > > error similar to "host for vpn address does not exist"
> > > > >
> > > > > What am I doing incorrectly?
> > > >
> > > > The error similar to that that I am thinking of would indicate
that
> > > the
> > > > ip address of your client machine does not fall into the scheme
laid
> > > out
> > > > in your pg_hba.conf. Most likely you need to add your home
machines
> > ip
> > > > into the pg_hba.conf (or open up one of the existing entries to
> > > include
> > > > the machine your connecting from)
> > > >
> > > > HTH
> > > >
> > > > Robert Treat
> > > 
> > > -- 
> > > Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
> > > 
> > > ---(end of
> > broadcast)---
> > > TIP 4: Don't 'kill -9' the postmaster
> > 
> > ---(end of
broadcast)---
> > TIP 7: don't forget to increase your free space map settings

---(end of broadcast)---
TIP 9: the planner will ignore your desire to choose an index scan if your
  joining column's datatypes do not match

Re: [ADMIN] pg_hba.conf

[Jim Seymour]

> 
> Hello,
> 
> I believe I found my problem.  The Cisco VPN client I use encrypts data
> at a 168 bit level.  Postgres only supports up to 128 bit correct?

That's your VPN's end-to-end/network-to-network connectivity.  It has
nothing to do with PostgreSQL at all.

(Note: Please do NOT copy me on replies.  I do read the mailing
list.)

Jim

---(end of broadcast)---
TIP 6: Have you searched our list archives?

   http://archives.postgresql.org

Re: [ADMIN] pg_hba.conf

[mike g]

Hello,

I believe I found my problem.  The Cisco VPN client I use encrypts data
at a 168 bit level.  Postgres only supports up to 128 bit correct?

Mike

On Tue, 2004-05-25 at 23:12, mike g wrote:
> Hmm
> 
> Looks like I am still in the same boat you are.
> 
> I still cannot log into my db over a VPN connection using pgadminIII.
> 
> Everytime I try and connect I get a "Server terminated connection
> unexpectedly error".
> 
> I originally received the pg_hba.conf entry complaint as well but after
> adding and restarting the system the above is all I get.
> 
> I tried specifying pgadmin to prefer SSL connection, and changed
> pg_hba.conf entry to expect SSL from my VPN connection entry.
> 
> 
> On Tue, 2004-05-25 at 08:42, [EMAIL PROTECTED] wrote:
> > Thanks Mike!
> > 
> > I already specified the IP address that was specified by my VPN
> > connection. I read through the docs and found nothing about anything
> > special with VPN connections.
> > 
> > Regards,
> > - Lily Anne
> > 
> > -Original Message-
> > From: Mike G [mailto:[EMAIL PROTECTED] 
> > Sent: Monday, May 24, 2004 10:23 PM
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: Re: [ADMIN] pg_hba.conf
> > 
> > Your ip address range is probably different when connecting via a VPN
> > rather than in the office.  By default postgres will not allow
> > connections from other locations even if tcpip_socket is true without
> > specifying an ip address range, database etc.
> > 
> > Checkout the docs.  There is a section on pg_hba.conf.
> > 
> > Mike
> > 
> > On Mon, May 24, 2004 at 01:02:12PM -0400, [EMAIL PROTECTED] wrote:
> > > Yes I can ping the server if not connected via VPN. 
> > > 
> > > I'm using EMS PostgreSQL Manager, which works if not via VPN. 
> > > 
> > > Yes, postgresql.conf's tcpip_socket = true.
> > > 
> > > The log says: FATAL: No pg_hba.conf entry for host 10.29.15.113, user
> > > postgres, database TEST.
> > > 
> > > Thanks for your help!
> > > 
> > > Regards,
> > > - Lily Anne
> > > 
> > > 
> > > -Original Message-
> > > From: Robert Treat [mailto:[EMAIL PROTECTED] 
> > > Sent: Friday, May 21, 2004 8:04 PM
> > > To: [EMAIL PROTECTED]
> > > Cc: [EMAIL PROTECTED]
> > > Subject: Re: [ADMIN] pg_hba.conf
> > > 
> > > can you ping the server that postgresql is living on?  or maybe your 
> > > misrepresenting the error message...  what program are you using to
> > try
> > > and 
> > > connect? can you verify that tcpip_sockets is turned on the server?
> > > also, if 
> > > it is a database problem there will be an exact error message being
> > > reported 
> > > in the logs of type FATAL, can you send us that?
> > > 
> > > Robert Treat
> > > 
> > > On Friday 21 May 2004 17:01, [EMAIL PROTECTED] wrote:
> > > > Thanks Robert!
> > > >
> > > > I did that as well and still didn't work. Any other ideas?
> > > >
> > > > -Original Message-
> > > > From: Robert Treat [mailto:[EMAIL PROTECTED]
> > > > Sent: Friday, May 21, 2004 4:41 PM
> > > > To: [EMAIL PROTECTED]
> > > > Cc: [EMAIL PROTECTED]
> > > > Subject: Re: [ADMIN] pg_hba.conf
> > > >
> > > > On Thu, 2004-05-20 at 19:52, [EMAIL PROTECTED] wrote:
> > > > > I'm trying to access our test postgreSQL server via VPN and even
> > > >
> > > > though
> > > >
> > > > > I already setup the host for the vpn's ip address, I'm still
> > getting
> > > >
> > > > an
> > > >
> > > > > error similar to "host for vpn address does not exist"
> > > > >
> > > > > What am I doing incorrectly?
> > > >
> > > > The error similar to that that I am thinking of would indicate that
> > > the
> > > > ip address of your client machine does not fall into the scheme laid
> > > out
> > > > in your pg_hba.conf. Most likely you need to add your home machines
> > ip
> > > > into the pg_hba.conf (or open up one of the existing entries to
> > > include
> > > > the machine your connecting from)
> > > >
> > > > HTH
> > > >
> > > > Robert Treat
> > > 
> > > -- 
> > > Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
> > > 
> > > ---(end of
> > broadcast)---
> > > TIP 4: Don't 'kill -9' the postmaster
> > 
> > ---(end of broadcast)---
> > TIP 7: don't forget to increase your free space map settings

---(end of broadcast)---
TIP 6: Have you searched our list archives?

   http://archives.postgresql.org

Re: [ADMIN] pg_hba.conf

[mike g]

Hmm

Looks like I am still in the same boat you are.

I still cannot log into my db over a VPN connection using pgadminIII.

Everytime I try and connect I get a "Server terminated connection
unexpectedly error".

I originally received the pg_hba.conf entry complaint as well but after
adding and restarting the system the above is all I get.

I tried specifying pgadmin to prefer SSL connection, and changed
pg_hba.conf entry to expect SSL from my VPN connection entry.


On Tue, 2004-05-25 at 08:42, [EMAIL PROTECTED] wrote:
> Thanks Mike!
> 
> I already specified the IP address that was specified by my VPN
> connection. I read through the docs and found nothing about anything
> special with VPN connections.
> 
> Regards,
> - Lily Anne
> 
> -Original Message-
> From: Mike G [mailto:[EMAIL PROTECTED] 
> Sent: Monday, May 24, 2004 10:23 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: [ADMIN] pg_hba.conf
> 
> Your ip address range is probably different when connecting via a VPN
> rather than in the office.  By default postgres will not allow
> connections from other locations even if tcpip_socket is true without
> specifying an ip address range, database etc.
> 
> Checkout the docs.  There is a section on pg_hba.conf.
> 
> Mike
> 
> On Mon, May 24, 2004 at 01:02:12PM -0400, [EMAIL PROTECTED] wrote:
> > Yes I can ping the server if not connected via VPN. 
> > 
> > I'm using EMS PostgreSQL Manager, which works if not via VPN. 
> > 
> > Yes, postgresql.conf's tcpip_socket = true.
> > 
> > The log says: FATAL: No pg_hba.conf entry for host 10.29.15.113, user
> > postgres, database TEST.
> > 
> > Thanks for your help!
> > 
> > Regards,
> > - Lily Anne
> > 
> > 
> > -Original Message-
> > From: Robert Treat [mailto:[EMAIL PROTECTED] 
> > Sent: Friday, May 21, 2004 8:04 PM
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: [ADMIN] pg_hba.conf
> > 
> > can you ping the server that postgresql is living on?  or maybe your 
> > misrepresenting the error message...  what program are you using to
> try
> > and 
> > connect? can you verify that tcpip_sockets is turned on the server?
> > also, if 
> > it is a database problem there will be an exact error message being
> > reported 
> > in the logs of type FATAL, can you send us that?
> > 
> > Robert Treat
> > 
> > On Friday 21 May 2004 17:01, [EMAIL PROTECTED] wrote:
> > > Thanks Robert!
> > >
> > > I did that as well and still didn't work. Any other ideas?
> > >
> > > -Original Message-
> > > From: Robert Treat [mailto:[EMAIL PROTECTED]
> > > Sent: Friday, May 21, 2004 4:41 PM
> > > To: [EMAIL PROTECTED]
> > > Cc: [EMAIL PROTECTED]
> > > Subject: Re: [ADMIN] pg_hba.conf
> > >
> > > On Thu, 2004-05-20 at 19:52, [EMAIL PROTECTED] wrote:
> > > > I'm trying to access our test postgreSQL server via VPN and even
> > >
> > > though
> > >
> > > > I already setup the host for the vpn's ip address, I'm still
> getting
> > >
> > > an
> > >
> > > > error similar to "host for vpn address does not exist"
> > > >
> > > > What am I doing incorrectly?
> > >
> > > The error similar to that that I am thinking of would indicate that
> > the
> > > ip address of your client machine does not fall into the scheme laid
> > out
> > > in your pg_hba.conf. Most likely you need to add your home machines
> ip
> > > into the pg_hba.conf (or open up one of the existing entries to
> > include
> > > the machine your connecting from)
> > >
> > > HTH
> > >
> > > Robert Treat
> > 
> > -- 
> > Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
> > 
> > ---(end of
> broadcast)---
> > TIP 4: Don't 'kill -9' the postmaster
> 
> ---(end of broadcast)---
> TIP 7: don't forget to increase your free space map settings

---(end of broadcast)---
TIP 6: Have you searched our list archives?

   http://archives.postgresql.org

Re: [ADMIN] pg_hba.conf

[Jim Seymour]

<[EMAIL PROTECTED]> wrote:
> 
> Thanks Mike!
> 
> I already specified the IP address that was specified by my VPN
> connection. I read through the docs and found nothing about anything
> special with VPN connections.

Which address?  The address at your end of the connection may not be
the same as the address at the other end: The end trying to connect to
the pgsql server.

It appears from this

"The log says: FATAL: No pg_hba.conf entry for host 10.29.15.113, ..."

the pgsql server sees (or saw) you coming from 10.29.15.113.  So is
that address, or a superset of it, in pg_hba.conf?  Has the server been
kicked in the pants to recognize the config change since it was added?

Jim

---(end of broadcast)---
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])

Re: [ADMIN] pg_hba.conf

[LSanchez]

Or it might be a security issue with how our VPN is setup. I'll talk to
our security folks and see what they will find.

Thanks!



-Original Message-
From: Sanchez, Lily 
Sent: Tuesday, May 25, 2004 2:55 PM
To: 'Tom Lane'
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: [ADMIN] pg_hba.conf 

Um, I restarted postmaster so many times already after I made the entry
and this is the only pg_hba.conf file in our server (you're right,
$PGDATA/pg_hba.conf). It's a brand new server that had just been built.

Have you tried connecting to your pgSQL server via VPN?

Thanks! 

-Original Message-
From: Tom Lane [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, May 25, 2004 2:51 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Re: [ADMIN] pg_hba.conf 

<[EMAIL PROTECTED]> writes:
> Here it is

> host   all  all 10.29.15.0  255.255.255.0  trust

That line certainly ought to match your connection.  I think this has
got to be pilot error: either you didn't SIGHUP the postmaster or you
are editing the wrong copy of the file.  (The right copy is
$PGDATA/pg_hba.conf.)

regards, tom lane

---(end of broadcast)---
TIP 5: Have you checked our extensive FAQ?

   http://www.postgresql.org/docs/faqs/FAQ.html

Re: [ADMIN] pg_hba.conf

[LSanchez]

Um, I restarted postmaster so many times already after I made the entry
and this is the only pg_hba.conf file in our server (you're right,
$PGDATA/pg_hba.conf). It's a brand new server that had just been built.

Have you tried connecting to your pgSQL server via VPN?

Thanks! 

-Original Message-
From: Tom Lane [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, May 25, 2004 2:51 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Re: [ADMIN] pg_hba.conf 

<[EMAIL PROTECTED]> writes:
> Here it is

> host   all  all 10.29.15.0  255.255.255.0  trust

That line certainly ought to match your connection.  I think this has
got to be pilot error: either you didn't SIGHUP the postmaster or you
are editing the wrong copy of the file.  (The right copy is
$PGDATA/pg_hba.conf.)

regards, tom lane

---(end of broadcast)---
TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]

Re: [ADMIN] pg_hba.conf

[LSanchez]

Here it is

Thanks! :)

-Original Message-
From: Robert Treat [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, May 25, 2004 1:02 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [ADMIN] pg_hba.conf

I am thinking that the entry for this ip has an issue with the username
and/or 
database specified in the line (or maybe conflicting entries?)  Would
you 
mind posting your complete pg_hba.conf to the list?  

Robert Treat

On Tuesday 25 May 2004 10:50, [EMAIL PROTECTED] wrote:
> Yes sir, did that, too.
>
> Thanks,
> - Lily Anne
>
> -Original Message-
> From: Tom Lane [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, May 25, 2004 10:50 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: Re: [ADMIN] pg_hba.conf
>
> <[EMAIL PROTECTED]> writes:
> > I already specified the IP address that was specified by my VPN
> > connection.
>
> This is a long shot, but ... did you remember to SIGHUP the postmaster
> after editing pg_hba.conf to allow that IP address?
>
>   regards, tom lane

-- 
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL


pg_hba.conf
Description: pg_hba.conf

---(end of broadcast)---
TIP 7: don't forget to increase your free space map settings

Re: [ADMIN] pg_hba.conf

[Robert Treat]

I am thinking that the entry for this ip has an issue with the username and/or 
database specified in the line (or maybe conflicting entries?)  Would you 
mind posting your complete pg_hba.conf to the list?  

Robert Treat

On Tuesday 25 May 2004 10:50, [EMAIL PROTECTED] wrote:
> Yes sir, did that, too.
>
> Thanks,
> - Lily Anne
>
> -Original Message-
> From: Tom Lane [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, May 25, 2004 10:50 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: Re: [ADMIN] pg_hba.conf
>
> <[EMAIL PROTECTED]> writes:
> > I already specified the IP address that was specified by my VPN
> > connection.
>
> This is a long shot, but ... did you remember to SIGHUP the postmaster
> after editing pg_hba.conf to allow that IP address?
>
>   regards, tom lane

-- 
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL

---(end of broadcast)---
TIP 4: Don't 'kill -9' the postmaster

Re: [ADMIN] pg_hba.conf

[LSanchez]

Yes sir, did that, too.

Thanks,
- Lily Anne

-Original Message-
From: Tom Lane [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, May 25, 2004 10:50 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Re: [ADMIN] pg_hba.conf 

<[EMAIL PROTECTED]> writes:
> I already specified the IP address that was specified by my VPN
> connection.

This is a long shot, but ... did you remember to SIGHUP the postmaster
after editing pg_hba.conf to allow that IP address?

regards, tom lane

---(end of broadcast)---
TIP 7: don't forget to increase your free space map settings

Re: [ADMIN] pg_hba.conf

[Tom Lane]

<[EMAIL PROTECTED]> writes:
> I already specified the IP address that was specified by my VPN
> connection.

This is a long shot, but ... did you remember to SIGHUP the postmaster
after editing pg_hba.conf to allow that IP address?

regards, tom lane

---(end of broadcast)---
TIP 5: Have you checked our extensive FAQ?

   http://www.postgresql.org/docs/faqs/FAQ.html

Re: [ADMIN] pg_hba.conf

[LSanchez]

Thanks Mike!

I already specified the IP address that was specified by my VPN
connection. I read through the docs and found nothing about anything
special with VPN connections.

Regards,
- Lily Anne

-Original Message-
From: Mike G [mailto:[EMAIL PROTECTED] 
Sent: Monday, May 24, 2004 10:23 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [ADMIN] pg_hba.conf

Your ip address range is probably different when connecting via a VPN
rather than in the office.  By default postgres will not allow
connections from other locations even if tcpip_socket is true without
specifying an ip address range, database etc.

Checkout the docs.  There is a section on pg_hba.conf.

Mike

On Mon, May 24, 2004 at 01:02:12PM -0400, [EMAIL PROTECTED] wrote:
> Yes I can ping the server if not connected via VPN. 
> 
> I'm using EMS PostgreSQL Manager, which works if not via VPN. 
> 
> Yes, postgresql.conf's tcpip_socket = true.
> 
> The log says: FATAL: No pg_hba.conf entry for host 10.29.15.113, user
> postgres, database TEST.
> 
> Thanks for your help!
> 
> Regards,
> - Lily Anne
> 
> 
> -Original Message-
> From: Robert Treat [mailto:[EMAIL PROTECTED] 
> Sent: Friday, May 21, 2004 8:04 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [ADMIN] pg_hba.conf
> 
> can you ping the server that postgresql is living on?  or maybe your 
> misrepresenting the error message...  what program are you using to
try
> and 
> connect? can you verify that tcpip_sockets is turned on the server?
> also, if 
> it is a database problem there will be an exact error message being
> reported 
> in the logs of type FATAL, can you send us that?
> 
> Robert Treat
> 
> On Friday 21 May 2004 17:01, [EMAIL PROTECTED] wrote:
> > Thanks Robert!
> >
> > I did that as well and still didn't work. Any other ideas?
> >
> > -Original Message-
> > From: Robert Treat [mailto:[EMAIL PROTECTED]
> > Sent: Friday, May 21, 2004 4:41 PM
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: [ADMIN] pg_hba.conf
> >
> > On Thu, 2004-05-20 at 19:52, [EMAIL PROTECTED] wrote:
> > > I'm trying to access our test postgreSQL server via VPN and even
> >
> > though
> >
> > > I already setup the host for the vpn's ip address, I'm still
getting
> >
> > an
> >
> > > error similar to "host for vpn address does not exist"
> > >
> > > What am I doing incorrectly?
> >
> > The error similar to that that I am thinking of would indicate that
> the
> > ip address of your client machine does not fall into the scheme laid
> out
> > in your pg_hba.conf. Most likely you need to add your home machines
ip
> > into the pg_hba.conf (or open up one of the existing entries to
> include
> > the machine your connecting from)
> >
> > HTH
> >
> > Robert Treat
> 
> -- 
> Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
> 
> ---(end of
broadcast)---
> TIP 4: Don't 'kill -9' the postmaster

---(end of broadcast)---
TIP 7: don't forget to increase your free space map settings

Re: [ADMIN] pg_hba.conf

[Mike G]

Your ip address range is probably different when connecting via a VPN rather than in 
the office.  By default postgres will not allow connections from other locations even 
if tcpip_socket is true without specifying an ip address range, database etc.

Checkout the docs.  There is a section on pg_hba.conf.

Mike

On Mon, May 24, 2004 at 01:02:12PM -0400, [EMAIL PROTECTED] wrote:
> Yes I can ping the server if not connected via VPN. 
> 
> I'm using EMS PostgreSQL Manager, which works if not via VPN. 
> 
> Yes, postgresql.conf's tcpip_socket = true.
> 
> The log says: FATAL: No pg_hba.conf entry for host 10.29.15.113, user
> postgres, database TEST.
> 
> Thanks for your help!
> 
> Regards,
> - Lily Anne
> 
> 
> -Original Message-
> From: Robert Treat [mailto:[EMAIL PROTECTED] 
> Sent: Friday, May 21, 2004 8:04 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [ADMIN] pg_hba.conf
> 
> can you ping the server that postgresql is living on?  or maybe your 
> misrepresenting the error message...  what program are you using to try
> and 
> connect? can you verify that tcpip_sockets is turned on the server?
> also, if 
> it is a database problem there will be an exact error message being
> reported 
> in the logs of type FATAL, can you send us that?
> 
> Robert Treat
> 
> On Friday 21 May 2004 17:01, [EMAIL PROTECTED] wrote:
> > Thanks Robert!
> >
> > I did that as well and still didn't work. Any other ideas?
> >
> > -Original Message-
> > From: Robert Treat [mailto:[EMAIL PROTECTED]
> > Sent: Friday, May 21, 2004 4:41 PM
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: [ADMIN] pg_hba.conf
> >
> > On Thu, 2004-05-20 at 19:52, [EMAIL PROTECTED] wrote:
> > > I'm trying to access our test postgreSQL server via VPN and even
> >
> > though
> >
> > > I already setup the host for the vpn's ip address, I'm still getting
> >
> > an
> >
> > > error similar to "host for vpn address does not exist"
> > >
> > > What am I doing incorrectly?
> >
> > The error similar to that that I am thinking of would indicate that
> the
> > ip address of your client machine does not fall into the scheme laid
> out
> > in your pg_hba.conf. Most likely you need to add your home machines ip
> > into the pg_hba.conf (or open up one of the existing entries to
> include
> > the machine your connecting from)
> >
> > HTH
> >
> > Robert Treat
> 
> -- 
> Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
> 
> ---(end of broadcast)---
> TIP 4: Don't 'kill -9' the postmaster

---(end of broadcast)---
TIP 4: Don't 'kill -9' the postmaster

Re: [ADMIN] pg_hba.conf

[LSanchez]

Yes I can ping the server if not connected via VPN. 

I'm using EMS PostgreSQL Manager, which works if not via VPN. 

Yes, postgresql.conf's tcpip_socket = true.

The log says: FATAL: No pg_hba.conf entry for host 10.29.15.113, user
postgres, database TEST.

Thanks for your help!

Regards,
- Lily Anne


-Original Message-
From: Robert Treat [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 21, 2004 8:04 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [ADMIN] pg_hba.conf

can you ping the server that postgresql is living on?  or maybe your 
misrepresenting the error message...  what program are you using to try
and 
connect? can you verify that tcpip_sockets is turned on the server?
also, if 
it is a database problem there will be an exact error message being
reported 
in the logs of type FATAL, can you send us that?

Robert Treat

On Friday 21 May 2004 17:01, [EMAIL PROTECTED] wrote:
> Thanks Robert!
>
> I did that as well and still didn't work. Any other ideas?
>
> -Original Message-
> From: Robert Treat [mailto:[EMAIL PROTECTED]
> Sent: Friday, May 21, 2004 4:41 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [ADMIN] pg_hba.conf
>
> On Thu, 2004-05-20 at 19:52, [EMAIL PROTECTED] wrote:
> > I'm trying to access our test postgreSQL server via VPN and even
>
> though
>
> > I already setup the host for the vpn's ip address, I'm still getting
>
> an
>
> > error similar to "host for vpn address does not exist"
> >
> > What am I doing incorrectly?
>
> The error similar to that that I am thinking of would indicate that
the
> ip address of your client machine does not fall into the scheme laid
out
> in your pg_hba.conf. Most likely you need to add your home machines ip
> into the pg_hba.conf (or open up one of the existing entries to
include
> the machine your connecting from)
>
> HTH
>
> Robert Treat

-- 
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL

---(end of broadcast)---
TIP 4: Don't 'kill -9' the postmaster

Re: [ADMIN] pg_hba.conf

[Robert Treat]

can you ping the server that postgresql is living on?  or maybe your 
misrepresenting the error message...  what program are you using to try and 
connect? can you verify that tcpip_sockets is turned on the server? also, if 
it is a database problem there will be an exact error message being reported 
in the logs of type FATAL, can you send us that?

Robert Treat

On Friday 21 May 2004 17:01, [EMAIL PROTECTED] wrote:
> Thanks Robert!
>
> I did that as well and still didn't work. Any other ideas?
>
> -Original Message-
> From: Robert Treat [mailto:[EMAIL PROTECTED]
> Sent: Friday, May 21, 2004 4:41 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [ADMIN] pg_hba.conf
>
> On Thu, 2004-05-20 at 19:52, [EMAIL PROTECTED] wrote:
> > I'm trying to access our test postgreSQL server via VPN and even
>
> though
>
> > I already setup the host for the vpn's ip address, I'm still getting
>
> an
>
> > error similar to "host for vpn address does not exist"
> >
> > What am I doing incorrectly?
>
> The error similar to that that I am thinking of would indicate that the
> ip address of your client machine does not fall into the scheme laid out
> in your pg_hba.conf. Most likely you need to add your home machines ip
> into the pg_hba.conf (or open up one of the existing entries to include
> the machine your connecting from)
>
> HTH
>
> Robert Treat

-- 
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL

---(end of broadcast)---
TIP 8: explain analyze is your friend

Re: [ADMIN] pg_hba.conf

[LSanchez]

Thanks Robert!

I did that as well and still didn't work. Any other ideas?

-Original Message-
From: Robert Treat [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 21, 2004 4:41 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [ADMIN] pg_hba.conf

On Thu, 2004-05-20 at 19:52, [EMAIL PROTECTED] wrote:
> I'm trying to access our test postgreSQL server via VPN and even
though
> I already setup the host for the vpn's ip address, I'm still getting
an
> error similar to "host for vpn address does not exist"
>  
> What am I doing incorrectly?
>  

The error similar to that that I am thinking of would indicate that the
ip address of your client machine does not fall into the scheme laid out
in your pg_hba.conf. Most likely you need to add your home machines ip
into the pg_hba.conf (or open up one of the existing entries to include
the machine your connecting from)

HTH

Robert Treat
-- 
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL


---(end of broadcast)---
TIP 5: Have you checked our extensive FAQ?

   http://www.postgresql.org/docs/faqs/FAQ.html

Re: [ADMIN] pg_hba.conf

[Robert Treat]

On Thu, 2004-05-20 at 19:52, [EMAIL PROTECTED] wrote:
> I'm trying to access our test postgreSQL server via VPN and even though
> I already setup the host for the vpn's ip address, I'm still getting an
> error similar to "host for vpn address does not exist"
>  
> What am I doing incorrectly?
>  

The error similar to that that I am thinking of would indicate that the
ip address of your client machine does not fall into the scheme laid out
in your pg_hba.conf. Most likely you need to add your home machines ip
into the pg_hba.conf (or open up one of the existing entries to include
the machine your connecting from)

HTH

Robert Treat
-- 
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL


---(end of broadcast)---
TIP 8: explain analyze is your friend

Re: [ADMIN] pg_hba.conf and user files

[Tom Lane]

<[EMAIL PROTECTED]> writes:
> I am trying to set up pg_hba.conf for PostgreSQL 7.3.  I want to limit
> access to a database from a host to the set of users in a file.  The
> documentation suggests that this is done as follows:

>   host dbname @user_file 10.0.1.12 255.255.255.255 md5

> However, the postmaster complains of a syntax error for lines such as
> this.

Hm, looks all right to me.  What's the *exact* error message?  Also,
please look in the postmaster's log (stderr or syslog); there may be
more info there than is reported to the client.

regards, tom lane

---(end of broadcast)---
TIP 6: Have you searched our list archives?

   http://archives.postgresql.org

Re: [ADMIN] pg_hba.conf and postgresql 7.2

[Bruno Wolff III]

On Tue, Feb 03, 2004 at 12:48:34 -0600,
  [EMAIL PROTECTED] wrote:
> New to postgresql...I've done a lot of google-searching and searching of
> the pgsql archives but haven't found much...
> 
> 
> I'm trying to configure pg_hba.conf so that:
> 
> 1. using a local connection, user postgres does not require a password for any 
> database
> 2. using a local connection, all other users require password for all
> databases
> 
> We are running debian stable so we have postgresql 7.2  From what I
> understand, the syntax of pg_hba.conf changed with 7.3, making it easier
> to do what I want to above.  With 7.3, I would do this I think:
> 
> local all postgrestrust
> local all md5
> 
> Is there a way to accomplish this with version 7.2?  

I don't believe you can do it with 7.2. The first rule that matches
on database, connection type and IP address applies. So you can't
have different authentication methods for different database users.

> 
> If not, I was planning on setting a password for user postgres.  However,
> in that case, what's the easiest way for backup scripts, etc, running as
> user postgres to be passed the password?

You might look at using ident authentication and a sameuser mapping.
Whether this will work for you or not depends on how OS users relate
to DB users.

---(end of broadcast)---
TIP 7: don't forget to increase your free space map settings

Re: [ADMIN] pg_hba.conf

[Christopher Browne]

[EMAIL PROTECTED] (Ashok Chauhan) writes:

>>>If I do any changes in pg_hba.conf file do I need restart pgsql.
>>>The changes I made does not taking effect.
>>>ganesh
>
> Yes, you need to restart pgsql.
> the changes you made it does not effect.

No, you do NOT need to restart the postmaster; that is just one of a
number of methods of making these sorts of changes take effect.

Methods include:

1.  Well, yes, restarting the postmaster.

2.  The command "pg_ctl reload"

3.  The command "kill -HUP [process ID of postmaster]"

2 and 3 do the same thing, despite appearing different...
-- 
let name="cbbrowne" and tld="libertyrms.info" in String.concat "@" [name;tld];;

Christopher Browne
(416) 646 3304 x124 (land)

---(end of broadcast)---
TIP 5: Have you checked our extensive FAQ?

   http://www.postgresql.org/docs/faqs/FAQ.html

Re: [ADMIN] pg_hba.conf

[Will LaShell]

Ashok Chauhan wrote:

 

If I do any changes in pg_hba.conf file do I need restart pgsql.
The changes I made does not taking effect.
ganesh
 

Yes, you need to restart pgsql.
the changes you made it does not effect.
but also my suggestion is that to perform any changes in pg_hba.conf or
any pgsql configration file , please stop the postgresql and then make
changes and restart it again.
 

This is uncessary for pg_hba.conf edits.  Simply call pg_ctl reload to 
reread the access list.

Will

---(end of broadcast)---
TIP 6: Have you searched our list archives?
  http://archives.postgresql.org

RE : [ADMIN] pg_hba.conf

[Bruno BAGUETTE]

Ganesan Kanavathy a écrit :

>If I do any changes in pg_hba.conf file do I need restart pgsql.
>The changes I made does not taking effect.

Hello,

The PostgreSQL documentation indicates that the pg_hba.conf file is read
on start-up and when the postmaster receives a SIGHUP signal. If you
edit the file on an active system, you will need to signal the
postmaster (using pg_ctl reload or kill -HUP) to make it re-read the
file.

You can have more infos about the pg_hba.conf file in the following URL
:
http://www.postgresql.org/docs/7.3/static/client-authentication.html#AUT
H-PG-HBA-CONF

Hope this helps :-)

Regards,

---
Bruno BAGUETTE - [EMAIL PROTECTED]


---(end of broadcast)---
TIP 3: if posting/reading through Usenet, please send an appropriate
  subscribe-nomail command to [EMAIL PROTECTED] so that your
  message can get through to the mailing list cleanly

Re: [ADMIN] pg_hba.conf improvements

[Tom Lane]

Holger Jakobs <[EMAIL PROTECTED]> writes:
> What about leaving it to the administrator of a system to provide a
> function (either a C function in a shared lib or an executable) which
> gets information passed and decides whether the access will be granted?

I think this is exactly what PAM is for.  Write your own authentication
module, plug it in.

regards, tom lane

---(end of broadcast)---
TIP 4: Don't 'kill -9' the postmaster