Re: Connection fails on one system in a address range allowed to connect
| От | Tom Lane |
|---|---|
| Тема | Re: Connection fails on one system in a address range allowed to connect |
| Дата | |
| Msg-id | 1671956.1700664040@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: Connection fails on one system in a address range allowed to connect (Laurenz Albe <laurenz.albe@cybertec.at>) |
| Список | pgsql-general |
Laurenz Albe <laurenz.albe@cybertec.at> writes:
> On Tue, 2023-11-21 at 23:27 +0000, Johnson, Bruce E - (bjohnson) wrote:
>> DBI connect('dbname=webdata;host=dhbpostgres.pharmacy.arizona.edu;port=5432','trav',...) failed: FATAL: password
authenticationfailed for user "trav"
>> FATAL: no pg_hba.conf entry for host "150.135.124.50", user "trav", database "webdata", no encryption at
./pg_test.plline 8.
>>
>> The pg_hba.conf on the server includes this which should encompass all systems in this VLAN
>> # external 'OldMTM' site range
>> hostssl all all 150.135.124.0/25 password
> "no encryption" does not match a "hostssl" entry.
Yeah. What is probably happening here is that (with the default sslmode)
libpq is trying an SSL connection, that's failing for some reason, and
then it tries a non-SSL connection which definitely fails for lack of
a matching pg_hba.conf entry; and then for some other reason you are
only shown the message concerning the last attempt.
Theory B is that your libpq wasn't compiled with SSL support so it
skips right to the non-SSL attempt.
Laurenz's suggestion of adding sslmode=require is a good debugging
step either way, since it will either tell you for sure that you
are missing SSL support or show you the failure from the single
SSL-enabled attempt. Alternatively, turn on log_connections and
see what the server log captures. (You might need to do that
anyway if the client-side message isn't sufficiently informative.)
regards, tom lane
В списке pgsql-general по дате отправления: