Socket & TCP connections

am 28.03.2010 19:11:05 von Nilesh Govindrajan

Hi,

I'm trying to setup PostgreSQL so that, it will not ask password when=20
connected locally (socket) whereas it will ask when connected using=20
TCP/IP. This should apply ONLY to root account. But this is not working -

local all root trust
local all all md5
# IPv4 local connections:
#host all root 127.0.0.1/32 trust
#host all root ::1/128 trust
host all all 127.0.0.1/32 md5
host all all ::1/128 md5

I cannot give passwordless access to TCP/IP because then it will become=20
a big security hole using PhpPgAdmin exposed to the public.

--=20
Nilesh Govindarajan
Site & Server Administrator
www.itech7.com
à¤®à¥à¤°à¤¾ à¤à¤¾à¤°à¤¤=
à¤®à¤¹à¤¾à¤¨ !
à¤®à¤® à¤à¤¾à¤°à¤¤: à¤®à¤¹=
à¤¤à¥à¤¤à¤® à¤à¤µà¤¤à¥=
!

--=20
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

Re: Socket & TCP connections

am 28.03.2010 23:21:53 von Guillaume Lelarge

Le 28/03/2010 19:11, Nilesh Govindarajan a Ã©crit :
> [...]
> I'm trying to setup PostgreSQL so that, it will not ask password when
> connected locally (socket) whereas it will ask when connected using
> TCP/IP. This should apply ONLY to root account. But this is not working=
-
>=20
> local all root trust
> local all all md5
> # IPv4 local connections:
> #host all root 127.0.0.1/32 trust
> #host all root ::1/128 trust
> host all all 127.0.0.1/32 md5
> host all all ::1/128 md5
>=20
> I cannot give passwordless access to TCP/IP because then it will become
> a big security hole using PhpPgAdmin exposed to the public.
>=20

Could you be more specific on what's not working? the exact error
message would be a great help. BTW, your settings are good for local
access, but you only allow localhost TCP/IP access.

--=20
Guillaume.
http://www.postgresqlfr.org
http://dalibo.com

--=20
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

Re: Socket & TCP connections

am 29.03.2010 03:17:32 von Nilesh Govindrajan

On 03/29/2010 02:51 AM, Guillaume Lelarge wrote:
> Le 28/03/2010 19:11, Nilesh Govindarajan a Ã©crit :
>> [...]
>> I'm trying to setup PostgreSQL so that, it will not ask password when
>> connected locally (socket) whereas it will ask when connected using
>> TCP/IP. This should apply ONLY to root account. But this is not workin=
g -
>>
>> local all root trust
>> local all all md5
>> # IPv4 local connections:
>> #host all root 127.0.0.1/32 trust
>> #host all root ::1/128 trust
>> host all all 127.0.0.1/32 md5
>> host all all ::1/128 md5
>>
>> I cannot give passwordless access to TCP/IP because then it will becom=
e
>> a big security hole using PhpPgAdmin exposed to the public.
>>
>
> Could you be more specific on what's not working? the exact error
> message would be a great help. BTW, your settings are good for local
> access, but you only allow localhost TCP/IP access.
>
>

There's no error message as such. It doesn't do what is expected -=20
should not ask passwords for localhost.

If I connect as psql -U root -d postgres -h localhost, it still asks me=20
for password.

--=20
Nilesh Govindarajan
Site & Server Administrator
www.itech7.com
à¤®à¥à¤°à¤¾ à¤à¤¾à¤°à¤¤=
à¤®à¤¹à¤¾à¤¨ !
à¤®à¤® à¤à¤¾à¤°à¤¤: à¤®à¤¹=
à¤¤à¥à¤¤à¤® à¤à¤µà¤¤à¥=
!

--=20
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

Re: Socket & TCP connections

am 29.03.2010 04:04:12 von Nilesh Govindrajan

Hi, it seems to be working now. Can somebody explain to me how ? See=20
this pg_hba.conf -

# "local" is for Unix domain socket connections only
local all root trust
local all all md5
# IPv4 local connections:
#host all root 127.0.0.1/32 trust
#host all root ::1/128 trust
host all all 127.0.0.1/32 md5
host all all ::1/128 md5

Its the same code I think which I wrote previously. But now it asks=20
password when connected through TCP and doesn't when connected directly=20
as psql -d postgres

PLZ EXPLAIN !! I'm in a big confusion :?

--=20
Nilesh Govindarajan
Site & Server Administrator
www.itech7.com
à¤®à¥à¤°à¤¾ à¤à¤¾à¤°à¤¤=
à¤®à¤¹à¤¾à¤¨ !
à¤®à¤® à¤à¤¾à¤°à¤¤: à¤®à¤¹=
à¤¤à¥à¤¤à¤® à¤à¤µà¤¤à¥=
!

--=20
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

Re: Socket & TCP connections

am 29.03.2010 08:38:41 von tekniksupport

Nilesh Govindarajan skrev 2010-03-29 04.04:
> Hi, it seems to be working now. Can somebody explain to me how ? See
> this pg_hba.conf -

Did you reload the config, i.e pg_ctl reload, after making changes the
first time?

Regards,
roppert

>
> # "local" is for Unix domain socket connections only
> local all root trust
> local all all md5
> # IPv4 local connections:
> #host all root 127.0.0.1/32 trust
> #host all root ::1/128 trust
> host all all 127.0.0.1/32 md5
> host all all ::1/128 md5
>
> Its the same code I think which I wrote previously. But now it asks
> password when connected through TCP and doesn't when connected directly
> as psql -d postgres
>
> PLZ EXPLAIN !! I'm in a big confusion :?
>

--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

Re: Socket & TCP connections

am 29.03.2010 09:20:54 von Guillaume Lelarge

Le 29/03/2010 04:04, Nilesh Govindarajan a Ã©crit :
> Hi, it seems to be working now. Can somebody explain to me how ? See
> this pg_hba.conf -
>=20
> # "local" is for Unix domain socket connections only
> local all root trust
> local all all md5
> # IPv4 local connections:
> #host all root 127.0.0.1/32 trust
> #host all root ::1/128 trust
> host all all 127.0.0.1/32 md5
> host all all ::1/128 md5
>=20
> Its the same code I think which I wrote previously. But now it asks
> password when connected through TCP and doesn't when connected directly
> as psql -d postgres
>=20
> PLZ EXPLAIN !! I'm in a big confusion :?
>=20

You probably forgot to reload the configuration after modifying it, and
then someone reloaded it or restarted the server, and PostgreSQL was
able to use the new configuration.

--=20
Guillaume.
http://www.postgresqlfr.org
http://dalibo.com

--=20
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

Re: Socket & TCP connections

am 29.03.2010 10:51:48 von Nilesh Govindrajan

On 03/29/2010 12:50 PM, Guillaume Lelarge wrote:
> Le 29/03/2010 04:04, Nilesh Govindarajan a Ã©crit :
>> Hi, it seems to be working now. Can somebody explain to me how ? See
>> this pg_hba.conf -
>>
>> # "local" is for Unix domain socket connections only
>> local all root trust
>> local all all md5
>> # IPv4 local connections:
>> #host all root 127.0.0.1/32 trust
>> #host all root ::1/128 trust
>> host all all 127.0.0.1/32 md5
>> host all all ::1/128 md5
>>
>> Its the same code I think which I wrote previously. But now it asks
>> password when connected through TCP and doesn't when connected directl=
y
>> as psql -d postgres
>>
>> PLZ EXPLAIN !! I'm in a big confusion :?
>>
>
> You probably forgot to reload the configuration after modifying it, and
> then someone reloaded it or restarted the server, and PostgreSQL was
> able to use the new configuration.
>
>

Yeah may be. But I remember issuing killall -HUP postmaster after every=20
change.

--=20
Nilesh Govindarajan
Site & Server Administrator
www.itech7.com
à¤®à¥à¤°à¤¾ à¤à¤¾à¤°à¤¤=
à¤®à¤¹à¤¾à¤¨ !
à¤®à¤® à¤à¤¾à¤°à¤¤: à¤®à¤¹=
à¤¤à¥à¤¤à¤® à¤à¤µà¤¤à¥=
!

--=20
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin