Re: pg_hba.conf && ident ...

Tom Lane writes:
> The Hermit Hacker <scrappy@hub.org> writes:
> > i pg_hba.conf, that host has:
> > host    trends_acctng   216.126.72.30   255.255.255.255 ident sameuser
> > And its the only time we have ident being used ... 
> > right now, its the only theory I ahve to work with ... 
> 
> Bingo.  All your cores show the thing waiting inside the ident code:
[...]
> Looking at the code, there doesn't seem to be any defense against a
> broken ident server --- there is no timeout or anything being used here!
> Ugh.  Has it always been like this?
> 
> Anyway, I think the immediate fix for you is to stop using ident auth
> for that host, at least till we can improve this code...

I came across this problem a year and a half ago. In my case, the
problem was that the client was connecting more than the default limit
of 40 times per minute so inetd was suspending the auth/identd service.
I raised the limit by changing to "nowait.500" and that problem went
away. I'd thought that I'd fixed PostgreSQL itself too but looking
back in my mail logs I can only find my patch which fixes the problem
with sending ident requests from a server with an IP alias. I may have
forgotten to send in the patch (or even to write one) for the "ident
synchronous in postmaster" problem itself. Sorry. I'll look harder.

--Malcolm

-- 
Malcolm Beattie <mbeattie@sable.ox.ac.uk>
Unix Systems Programmer
Oxford University Computing Services