Re: 8.4 vs. 9.x: 127.0.0.0/8
| От | Felipe Gasper |
|---|---|
| Тема | Re: 8.4 vs. 9.x: 127.0.0.0/8 |
| Дата | |
| Msg-id | 55CC2E7A.7040504@felipegasper.com обсуждение исходный текст |
| Ответ на | Re: 8.4 vs. 9.x: 127.0.0.0/8 (Martín Marqués <martin@2ndquadrant.com>) |
| Список | pgsql-general |
Dear Martín,
Thank you for leading us to the right solution!
(We’re also suspecting some change in the networking stack from CentOS
6 to 7 may be playing a part here, too, FYI.)
-FG
On 11 Aug 2015 6:30 PM, Martín Marqués wrote:
> I think there might be some misunderstanding here:
>
> El 11/08/15 a las 17:19, Felipe Gasper escribió:
>> Hello all,
>>
>> We are noticing what appears to be a significant difference between
>> PostgreSQL 9.x and 8.4. Not having found documentation that would point
>> us in the direction of a good solution, I thought I’d post our issue here.
>>
>> On CentOS 6 we have postgresql 8.4.20 and the following pg_hba.conf:
>>
>> local samerole all md5
>> host samerole all 127.0.0.200 255.255.255.255 pam
>> pamservice=postgresql_cpses
>> host samerole all 127.0.0.1 255.255.255.255 md5
>> local all postgres md5
>> host all postgres 127.0.0.1 255.255.255.255 md5
>>
>> So connections to 127.0.0.200 are handled by pam, connections to
>> 127.0.0.1 are handled by md5.
>
> No! This means that connections that come from 127.0.0.200 are handled
> by pam, not connection *to*. Same for 127.0.0.1 (which in this case
> means nothing).
>
>> If I run:
>> root@jason:/$ psql -h 127.0.0.200 -U pguser
>> Password for user pguser:
>> psql: FATAL: PAM authentication failed for user "pguser"
>
> Which is the source IP where this command is executed.
>
>> You can see it tried to authenticate using PAM authentication.
>>
>> On CentOS 7 we have postgresql 9.2.13 and the following pg_hba.conf:
>>
>> local samerole all md5
>> host samerole all 127.0.0.200 255.255.255.255 pam
>> pamservice=postgresql_cpses
>> host samerole all 127.0.0.1 255.255.255.255 md5
>> local all postgres md5
>> host all postgres 127.0.0.1 255.255.255.255 md5
>>
>> But, running the command above yields a different result:
>> root@i-0000764a [/usr/local/cpanel]# psql -h 127.0.0.200 -U pguser
>> Password for user pguser:
>> psql: FATAL: password authentication failed for user "pguser"
>
> Well, which is the IP from where you are running this command?
>
> I guess the answer is in some place around that.
>
> Regards,
>
В списке pgsql-general по дате отправления: