Обсуждение: local authentication with md5

Поиск
Список
Период
Сортировка

local authentication with md5

От
Bernhard D Rohrer
Дата:
Hi all

I have set my authentication to

# "local" is for Unix domain socket connections only
local   all         all                               md5 #ident sameuser

for security reasons

this leads to this problem when trying to run a script:

30-Mar 17:47 collab-dir: BeforeJob: run command
"/etc/bacula/scripts/make_catalog_backup bacula postgres
'md5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'"
30-Mar 17:47 collab-dir: BeforeJob: pg_dump: [archiver (db)] connection
to database "bacula" failed: FATAL: Ident authentication failed for user
"postgres"

how does one pass an md5 encrypted pw to postgres? I tried it with clear
as well, but that failed too. Not happy doing that anyway.

many thanks in advance

Bernhard

--
Graylion's Fetish & Fashion Store
Goth and Kinky Boots, Clothing and Jewellery
http://www.graylion.net


Re: local authentication with md5 - solved

От
Bernhard D Rohrer
Дата:
Bernhard D Rohrer wrote:
> Hi all
>
> I have set my authentication to
>
> # "local" is for Unix domain socket connections only
> local   all         all                               md5 #ident sameuser
>
> for security reasons
>
> this leads to this problem when trying to run a script:
>
> 30-Mar 17:47 collab-dir: BeforeJob: run command
> "/etc/bacula/scripts/make_catalog_backup bacula postgres
> 'md5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'"
> 30-Mar 17:47 collab-dir: BeforeJob: pg_dump: [archiver (db)]
> connection to database "bacula" failed: FATAL: Ident authentication
> failed for user "postgres"
>
> how does one pass an md5 encrypted pw to postgres? I tried it with
> clear as well, but that failed too. Not happy doing that anyway.
>
> many thanks in advance
>
> Bernhard
>
sorted, thanks!

--
Graylion's Fetish & Fashion Store
Goth and Kinky Boots, Clothing and Jewellery
http://www.graylion.net


Re: local authentication with md5

От
Tom Lane
Дата:
Bernhard D Rohrer <graylion@sm-wg.net> writes:
> I have set my authentication to
> # "local" is for Unix domain socket connections only
> local   all         all                               md5 #ident sameuser

Are you sure this actually took effect (ie did you "pg_ctl reload")?

> 30-Mar 17:47 collab-dir: BeforeJob: run command
> "/etc/bacula/scripts/make_catalog_backup bacula postgres
> 'md5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'"
> 30-Mar 17:47 collab-dir: BeforeJob: pg_dump: [archiver (db)] connection
> to database "bacula" failed: FATAL: Ident authentication failed for user
> "postgres"

It's clear that this connection is trying to use ident not md5.
Either you didn't make the pg_hba edit take effect, or bacula
is trying to use TCP instead of Unix-socket connection and you
still have the "host" line set to ident.

            regards, tom lane

Re: local authentication with md5

От
Bernhard D Rohrer
Дата:
Tom Lane wrote:
> Bernhard D Rohrer <graylion@sm-wg.net> writes:
>> I have set my authentication to
>> # "local" is for Unix domain socket connections only
>> local   all         all                               md5 #ident sameuser
>
> Are you sure this actually took effect (ie did you "pg_ctl reload")?
>
>> 30-Mar 17:47 collab-dir: BeforeJob: run command
>> "/etc/bacula/scripts/make_catalog_backup bacula postgres
>> 'md5xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'"
>> 30-Mar 17:47 collab-dir: BeforeJob: pg_dump: [archiver (db)] connection
>> to database "bacula" failed: FATAL: Ident authentication failed for user
>> "postgres"
>
> It's clear that this connection is trying to use ident not md5.
> Either you didn't make the pg_hba edit take effect, or bacula
> is trying to use TCP instead of Unix-socket connection and you
> still have the "host" line set to ident.
>
>             regards, tom lane

The bizarre thing is that removing #ident sameuser solved it

clearly the # is not parsed correctly after a statement

cheers

Bernhard

--
Graylion's Fetish & Fashion Store
Goth and Kinky Boots, Clothing and Jewellery
http://www.graylion.net