Re: I dont understand host connections
From | ghaverla@freenet.edmonton.ab.ca |
---|---|
Subject | Re: I dont understand host connections |
Date | |
Msg-id | Pine.A41.3.95.1021007132854.5026B-100000@freenet.edmonton.ab.ca |
In response to | I dont understand host connections (Thad Humphries <thad@mindwrap.com>) |
List | pgsql-novice |
On 7 Oct 2002, Thad Humphries wrote:

> I am trying a host connection but to no avail. In postgresql.conf I
> have tcpip_socket = true and port = 5432. In pq_hda.conf I have
>
> host all 0.0.0.0 0.0.0.0 md5 optix.conf
> local all md5 optix.conf
>
> in pg_hda.conf and restart PostgreSQL, I'm prompted for a password and
> can log in.

First off, you have a typo. The file is pg_hba.conf (PostGresql_HostBasedAccess.CONFiguration). But I think you really are using the right file.

(What follows is how I justify this stuff to myself, and may not be literally correct.)

It is not unusual to have multiple entries in pg_hba.conf. Like a lot of other access configuration files (say /etc/hosts.allow), postgres traverses the rules in order, looking for a match. I believe the default for falling off the end of the rules without a match is to reject the connection.

Now, the "local" connection is used to indicate connections to postgres over UNIX sockets, not over a TCP/IP connection. It is basically the safest connection type, as the calling user/process must be local. Every machine with an IP stack is going to have 127.0.0.1 set up as a local TCP/IP connection. If, in addition you are on a LAN, you may also have a local IP (or multiple IPs) which correspond to the various interfaces on the machine. So, a local entry may in fact be composed of something like:

    local all md5 password_file
    host all 127.0.0.1 255.255.255.255 md5 password_file
    host all 192.168.0.1 255.255.255.255 md5 password_file

So, local processes have an option of connecting by UNIX sockets, connections to localhost and connections to the IP of one of the NIC interfaces (here assumed to be 192.168.0.1).

After you have listed your local connections, you may want to go on to specify non-local connections. Such as accepting connections from other machines on your LAN, or ignoring requests from some troublesome machine that tries to connect (and you aren't blocking by firewall).

You may want to put an explicit reject last.

    host all 0.0.0.0 0.0.0.0 reject

I hope the above is close to being literally correct and useful.

Gord
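The rule traversal described in the reply above, as an added example that is not part of the original message or of PostgreSQL's own code: a small Python model of first-match evaluation over the old `host DB IP MASK AUTH` layout, where the first matching line decides and no match at all means rejection. The 192.168.0.0/255.255.255.0 LAN rule and the names `parse_hba` and `decide` are assumptions made for the illustration.

```python
import ipaddress

# Rules in the layout used in the message above (constructed sample; treating
# 192.168.0.0/255.255.255.0 as "the LAN" is an assumption of this example).
SAMPLE_HBA = """\
local all                              md5 password_file
host  all 127.0.0.1   255.255.255.255  md5 password_file
host  all 192.168.0.1 255.255.255.255  md5 password_file
host  all 192.168.0.0 255.255.255.0    md5 password_file
host  all 0.0.0.0     0.0.0.0          reject
"""

def parse_hba(text):
    """Return rules in file order as dicts: type, db, net (None for local), auth."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments and blank lines
        if not fields:
            continue
        if fields[0] == "local" and len(fields) >= 3:
            rules.append({"type": "local", "db": fields[1],
                          "net": None, "auth": fields[2]})
        elif fields[0] == "host" and len(fields) >= 5:
            # IP plus dotted mask; strict=False tolerates host bits in the IP
            net = ipaddress.ip_network(f"{fields[2]}/{fields[3]}", strict=False)
            rules.append({"type": "host", "db": fields[1],
                          "net": net, "auth": fields[4]})
        else:
            raise ValueError(f"unrecognised line: {line!r}")
    return rules

def decide(rules, database, client_ip=None):
    """First matching rule wins; client_ip=None models a UNIX-socket connection.
    Returns (auth_method, rule_index); falling off the end is a reject."""
    for i, rule in enumerate(rules):
        if rule["db"] not in ("all", database):
            continue
        if client_ip is None and rule["type"] == "local":
            return rule["auth"], i
        if client_ip is not None and rule["type"] == "host" \
                and ipaddress.ip_address(client_ip) in rule["net"]:
            return rule["auth"], i
    return "reject", None

if __name__ == "__main__":
    rules = parse_hba(SAMPLE_HBA)
    for ip in (None, "127.0.0.1", "192.168.0.77", "10.1.2.3"):
        print(ip or "unix socket", "->", decide(rules, "mydb", ip))
```

Moving the final `reject` line to the top of the sample makes every TCP/IP client hit it first, which is why the reply suggests placing it last.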