Re: [GENERAL] Client Authentication methods

2017-11-10 Thread Peter J. Holzer
On 2017-11-10 08:25:24 -0500, chiru r wrote:
> I am trying to understand the Authentication method in pg_hba.conf file
> (password & md5) in PostgreSQL database server.
>
> I am assuming that the user provides the connection string host/user/
> password, then client will go and contact the DB server pg_hba.conf file in
> memory without carrying password over the network initially, and then it
> confirms the authentication method from pg_hba.conf, then it decides whether
> it sends clear text or md5 encrypted password from client to Server to make a
> session?

I'm not sure what "it" refers to in this sentence. If "it" refers to the
client (as grammatically it should) then the answer is no. The client
doesn't have access to the pg_hba.conf file.

The client connects to the server, sending the username and database
name, but not (yet) the password. Then the server checks the pg_hba.conf
file to determine which authentication method to use. The server then
sends an authentication request to the client, to which the client sends
a response (including, or based on, the password).


> Is my assumption correct? Or what exactly makes the difference for the
> client if I use md5/password in pg_hba.conf file in DB server?

See
https://www.postgresql.org/docs/10/static/auth-methods.html#AUTH-PASSWORD

With method password, passwords are sent in plain text. With md5, an md5
hash of the password, the username, and a nonce is sent instead.

hp

-- 
   _  | Peter J. Holzer| we build much bigger, better disasters now
|_|_) || because we have much more sophisticated
| |   | h...@hjp.at | management tools.
__/   | http://www.hjp.at/ | -- Ross Anderson 
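
The exchange described in the reply above, as an added example that is not part of the original post: the server chooses the method, and the client answers with either the password itself or the salted md5 value. The role name and password are constructed sample values; the md5 construction used is 'md5' + md5(md5(password || username) || salt) with a 4-byte salt.

```python
import hashlib
import hmac
import os


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def stored_verifier(user: str, password: str) -> str:
    """What the server keeps for an md5 role: 'md5' + md5(password || username)."""
    return "md5" + md5_hex(password.encode() + user.encode())


def client_response(user: str, password: str, method: str, salt: bytes = b"") -> bytes:
    """Payload of the client's password message for the method the server requested."""
    if method == "password":
        return password.encode()  # the password itself crosses the network
    if method == "md5":
        inner = md5_hex(password.encode() + user.encode())
        return ("md5" + md5_hex(inner.encode() + salt)).encode()
    raise ValueError(f"unsupported method: {method}")


def server_check_md5(stored: str, salt: bytes, response: bytes) -> bool:
    """Server side: recompute the expected value from the stored verifier and its salt."""
    expected = "md5" + md5_hex(stored[3:].encode() + salt)
    return hmac.compare_digest(expected.encode(), response)


def handshake(user: str, password: str, hba_method: str, stored: str) -> bool:
    """One login: the server picks the method (from pg_hba.conf), the client answers."""
    if hba_method == "md5":
        salt = os.urandom(4)  # fresh 4-byte salt in the authentication request
        return server_check_md5(stored, salt, client_response(user, password, "md5", salt))
    if hba_method == "password":
        sent = client_response(user, password, "password")
        return hmac.compare_digest(stored_verifier(user, sent.decode()), stored)
    raise ValueError(f"unsupported method: {hba_method}")


if __name__ == "__main__":
    user, pw = "app_user", "s3cret-example"  # constructed sample credentials
    stored = stored_verifier(user, pw)
    for method in ("password", "md5"):
        print(method, handshake(user, pw, method, stored), handshake(user, "wrong", method, stored))
```

Because the salt changes per connection, a captured md5 response does not verify against a later challenge, whereas the `password` payload is the reusable secret itself unless the connection is encrypted.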




Re: [GENERAL] Client Authentication methods

2017-11-10 Thread Berend Tober

chiru r wrote:

> Hi All,
>
> I am trying to understand the Authentication method in pg_hba.conf file
> (password & md5) in PostgreSQL database server.
>
> I am assuming that the user provides the connection string
> host/user/password, then client will go and contact the DB server
> pg_hba.conf file in memory without carrying password over the network
> initially, and then it confirms the authentication method from pg_hba.conf,
> then it decides whether it sends clear text or md5 encrypted password from
> client to Server to make a session?
>
> Is my assumption correct? Or what exactly makes the difference for the
> client if I use md5/password in pg_hba.conf file in DB server?




Your assumptions sound consistent with documentation appearing at


https://www.postgresql.org/docs/10/static/protocol-flow.html

https://www.postgresql.org/docs/10/static/auth-methods.html

-- B




--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general


[GENERAL] Client Authentication methods

2017-11-10 Thread chiru r
Hi All,

I am trying to understand the Authentication method in pg_hba.conf file
(password & md5) in PostgreSQL database server.

I am assuming that the user provides the connection string
host/user/password, then client will go and contact the DB server
pg_hba.conf file in memory without carrying password over the network
initially, and then it confirms the authentication method from pg_hba.conf,
then it decides whether it sends clear text or md5 encrypted password from
client to Server to make a session?

Is my assumption correct? Or what exactly makes the difference for the
client if I use md5/password in pg_hba.conf file in DB server?

Thanks,
chiru


[GENERAL] Client Authentication

2008-04-18 Thread Stefan Sturm
Hello,

I set up a PostgreSQL 8.3.1 server on my webserver (located somewhere in the
web).
On my local server I use the trust method to access the server. But on my
webserver I want to use a user with password to access the server.
So I did the following:

I created a user (as superuser) with:
createuser -P username


Then I added a new line to the pg_hba.conf file:
host all username 0.0.0.0 md5

I want to access all databases from all IP addresses with this user.

But this fails :-(

Where is my error? I hope someone can help me.

Thanks and greetings,
Stefan Sturm


Re: [GENERAL] Client Authentication

2008-04-18 Thread A. Kretschmer
On Fri, 18.04.2008 at 8:41:17 +0200, Stefan Sturm wrote the following:
> Hello,
>
> I set up a PostgreSQL 8.3.1 server on my webserver (located somewhere in the
> web).
> On my local server I use the trust method to access the server. But on my
> webserver I want to use a user with password to access the server.
> So I did the following:
>
> I created a user (as superuser) with:
> createuser -P username
>
>
> Then I added a new line to the pg_hba.conf file:
> host all username 0.0.0.0 md5
                    ~~~

This should be a CIDR, but it's only an IP.


>
> I want to access all databases from all IP addresses with this user.
>
> But this fails :-(
>
> Where is my error? I hope someone can help me.

Where is the error message?


Andreas
-- 
Andreas Kretschmer
Contact:  Heynitz: 035242/47150,   D1: 0160/7141639 (more: - Header)
GnuPG-ID:   0x3FFF606C, privat 0x7F4584DA   http://wwwkeys.de.pgp.net



Re: [GENERAL] Client Authentication

2008-04-18 Thread Klint Gore

Stefan Sturm wrote:

> Hello,
>
> I set up a PostgreSQL 8.3.1 server on my webserver (located somewhere
> in the web).
> On my local server I use the trust method to access the server. But on
> my webserver I want to use a user with password to access the server.
>
> So I did the following:
>
> I created a user (as superuser) with:
> createuser -P username
>
>
> Then I added a new line to the pg_hba.conf file:
> host all username 0.0.0.0 md5
>
>
> I want to access all databases from all IP addresses with this user.
>
> But this fails :-(
>
> Where is my error? I hope someone can help me.

try adding a subnet mask
  host all username 0.0.0.0  0.0.0.0 md5
or a cidr mask
  host all username 0.0.0.0/0 md5

klint.

--
Klint Gore
Database Manager
Sheep CRC
A.G.B.U.
University of New England
Armidale NSW 2350

Ph: 02 6773 3789  
Fax: 02 6773 3266

EMail: [EMAIL PROTECTED]
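
A small check for the address field of a `host` record, added here as an example and not part of the original thread. It assumes only the two numeric forms discussed above (a CIDR address, or an IP address followed by a separate mask); the sample lines are constructed from the ones in the thread plus one narrower rule.

```python
import ipaddress


def check_host_line(line: str):
    """Return (ok, detail) for the address part of a pg_hba.conf host record."""
    fields = line.split()
    if len(fields) < 5 or fields[0] not in ("host", "hostssl", "hostnossl"):
        return False, "not a complete host record"
    addr, rest = fields[3], fields[4:]
    try:
        if "/" in addr:
            # CIDR form: address/prefix-length, then the method
            net = ipaddress.ip_network(addr, strict=False)
            method = rest[0]
        else:
            ipaddress.ip_address(addr)  # raises ValueError if not numeric
            if len(rest) < 2:
                # The thread's mistake: a bare IP directly followed by the method
                return False, f"address {addr} has no CIDR length or netmask"
            # Separate-mask form: address, mask, then the method
            net = ipaddress.ip_network(f"{addr}/{rest[0]}", strict=False)
            method = rest[1]
    except ValueError as exc:
        return False, f"bad address or mask: {exc}"
    scope = "every address" if net.prefixlen == 0 else f"{net.num_addresses} address(es)"
    return True, f"{net} {method}: matches {scope}"


# Constructed sample lines: the one from the question, the two suggested fixes,
# and a narrower rule for comparison (documentation address range).
SAMPLES = [
    "host all username 0.0.0.0 md5",
    "host all username 0.0.0.0 0.0.0.0 md5",
    "host all username 0.0.0.0/0 md5",
    "host all username 192.0.2.0 255.255.255.0 md5",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:50} -> {check_host_line(s)}")
```

Both corrected forms normalise to the same network, 0.0.0.0/0, so the rule admits password-authenticated connection attempts from any IPv4 address.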




Re: [GENERAL] Client Authentication

2008-04-18 Thread Stefan Sturm
Hello,


> try adding a subnet mask
>   host all username 0.0.0.0  0.0.0.0 md5
> or a cidr mask
>   host all username 0.0.0.0/0 md5


That's it. I don't know why I only wrote 0.0.0.0...
That's clearly my fault.

Thanks for all your help.

Greetings,
Urkman


[GENERAL] Client authentication

2003-09-25 Thread Claudio Lapidus
Hello

We need to deny access to the database for regular users, while allowing
access to admins and a variety of application scripts.

If we use passwords, everything is fine while interactive, but could not
devise a way for scripts to handle them.

We also tried to set up ident authentication, but Solaris is having a hard
time managing this.

Any hints as to how could this be done?

TIA
cl.

---(end of broadcast)---
TIP 4: Don't 'kill -9' the postmaster


Re: [GENERAL] Client authentication

2003-09-25 Thread Nigel J. Andrews
On Thu, 25 Sep 2003, Claudio Lapidus wrote:

> Hello
>
> We need to deny access to the database for regular users, while allowing
> access to admins and a variety of application scripts.
>
> If we use passwords, everything is fine while interactive, but could not
> devise a way for scripts to handle them.
>
> We also tried to set up ident authentication, but Solaris is having a hard
> time managing this.
>
> Any hints as to how could this be done?

Create a ~/.pgpass file for your admins and users the applications run as, if
you're using 7.3. Anything less and I think you would have to use environment
variables (PGUSER and PGPASS?) instead.


--
Nigel Andrews
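
How a `~/.pgpass` file answers the password prompt for a script, as an added example that is not part of the original reply. It is a simplified model of the lookup (one `hostname:port:database:username:password` entry per line, `*` as wildcard, first match wins) together with the permission check that group and others must have no access; host, role names and passwords are constructed.

```python
import stat


def split_pgpass_line(line: str):
    """Split on ':' honouring backslash escapes; the fifth field is the password."""
    fields, cur, i = [], "", 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur += line[i + 1]  # \: and \\ stand for a literal ':' or '\'
            i += 2
            continue
        if ch == ":" and len(fields) < 4:
            fields.append(cur)
            cur = ""
        else:
            cur += ch
        i += 1
    return fields + [cur]


def lookup(pgpass_text: str, host: str, port: int, db: str, user: str):
    """Return the password from the first matching line, or None."""
    wanted = (host, str(port), db, user)
    for raw in pgpass_text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue  # blank line or comment
        fields = split_pgpass_line(raw)
        if len(fields) != 5:
            continue  # malformed entry
        if all(f == "*" or f == w for f, w in zip(fields[:4], wanted)):
            return fields[4]
    return None


def mode_is_private(st_mode: int) -> bool:
    """True when group and others have no access (0600 or stricter)."""
    return stat.S_IMODE(st_mode) & 0o077 == 0


# Constructed sample file contents; host, role names and passwords are made up.
SAMPLE = r"""# hostname:port:database:username:password
db1.example.internal:5432:sales:report_script:pw\:with\:colons
*:*:*:admin:admin-example-pass
"""
```

Pass `os.stat(path).st_mode` to `mode_is_private` before trusting a file; a script account's `.pgpass` that is readable by group or others exposes every password in it to other local users.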

