Re: confirming security.

Thx John,

It got me a long way.  I actually have a more complex installation (I think=
) that I originally thought on my test linux box.  Looks like all the files=
 that I modify are under /var/lib/post../coord.

I added the line.. to pg_hba.conf

hostssl   all           all           127.0.0.1/32       cert

and after restarting the coordinator node, it errored because I had to modi=
fy postgresql.conf (ssl=3Doff) .  So I feel that the server is now running =
in SSL mode.

But when I used psql...I'm getting this....

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
postgres-xc@adminuser-VirtualBox:~/coord$ psql -h localhost testdb
psql (PGXC 1.0.0, based on PG 9.1.4)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.

testdb=3D# select 2+2;
?column?
----------
        4
(1 row)

testdb=3D# \q
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

It's telling me it's through an SSL connection, but I didn't specify any ke=
ystore on my side for psql?  Does it pick it up from somewhere?
Any help is greatly appreciated :)

Postgresql isn't half bad ;)



From: pgsql-general-owner@postgresql.org [mailto:pgsql-general-owner@postgr=
esql.org] On Behalf Of John R Pierce
Sent: Thursday, February 21, 2013 11:04 PM
To: pgsql-general@postgresql.org
Subject: Re: [GENERAL] confirming security.

On 2/21/2013 7:55 PM, Maz Mohammadi wrote:

When I start the server, there is no change in the authentication. I can st=
ill login using psql for the same person.

did you disable other authentication methods in pg_hba.conf ?      I would =
leave the LOCAL line as peer, and use ssl for HOST lines, then to test, use=
 psql -h localhost .....





--

john r pierce                                      37N 122W

somewhere on the middle of the left coast