Re: pg_hba.conf
| От | Russell Smith |
|---|---|
| Тема | Re: pg_hba.conf |
| Дата | |
| Msg-id | 456197BC.10103@pws.com.au обсуждение исходный текст |
| Ответ на | Re: pg_hba.conf (Tom Allison <tom@tacocat.net>) |
| Ответы |
Re: pg_hba.conf
|
| Список | pgsql-general |
Tom Allison wrote: > Russell Smith wrote: >> Tom Allison wrote: >>> Ran into a mystery that I can't seem to figure out.... >>> >>> >>> I want to authenticate using SSL for all external IP addresses that >>> I have in my subnet. I also want to be able to authenticate via >>> non-SSL for localhost (not unix socket). >>> >>> I thought something like this would work: >>> >>> host all all 127.0.0.1/32 md5 >>> hostssl all all 192.168.0.1/24 md5 >>> >>> But I have a localhost client that can't log in because it keeps >>> trying to authenticate via SSL. >>> >>> What am I doing wrong? It seems simple enough. >> What command are you typing? >> >> #nonssl >> postgres$ psql -h localhost postgres >> #ssl >> postgres$ psql -h 192.168.1.1 postgres >> > > psql -h localhost > > My "other" client is actually postfix and that's also specified as > 'localhost'. > > I suppose you are going to tell me that there is a difference here? > I've always assumed you had to use network IP ranges, not DNS like > names (albeit localhost is a special case). All good, it makes no difference. try hostnossl all all 127.0.0.1/32 md5 that should force non ssl for localhost connections, as long as there are no entries before this one for localhost. Hope that helps. > > ---------------------------(end of broadcast)--------------------------- > TIP 9: In versions below 8.0, the planner will ignore your desire to > choose an index scan if your joining column's datatypes do not > match > >
В списке pgsql-general по дате отправления: