IDENT and pg_hda.conf

On 30/01/2004 09:39 Susemail wrote:
[color=blue]
> [snip]
> In any case I don't have a pg_hba.conf file:[/color]

You should have, unless you haven't done an initdb...
[color=blue]
>
> :~> locate pg_hba.conf
> /usr/share/postgresql/pg_hba.conf.sample
> :~>
>
> Should I have one? If I should, where does it belong?[/color]

It's in PostgreSQL's data dir. Obviously this may differ from distro to
distro. Probably what is happening is that you running locate as regular
user which won't have read access to that directoty (it's owned by user
postgres).

--
Paul Thomas
+------------------------------+---------------------------------------------+
| Thomas Micro Systems Limited | Software Solutions for the Smaller
Business |
| Computer Consultants |
http://www.thomas-micro-systems-ltd.co.uk |
+------------------------------+---------------------------------------------+

---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to Join Bytes! so that your
message can get through to the mailing list cleanly

On Thu, Jan 29, 2004 at 23:39:23 -1000,
Susemail <susemail@hawaii.rr.com> wrote:[color=blue]
> Is this good advice?
>
> IDENT Authentication failed for user "postgres"
>
> This error has everything to do with the way distros set up access rights for
> postgres. They are way too restrictive and leave you wondering what to do
> next.
>
> Do yourself a favour and change authentication type in pg_hba.conf to
>
> local all trust
>
> until you have figured out what all this stuff in pg_hba.conf does. Read about
> the different authentication settings and change them as you see fit. It is
> all described in detail in pg_hba.conf[/color]

If only trusted users have access to the server, this is a reasonable way
to start off while learning things. Generally using ident for local access
is the way to go unless you are using OS where it doesn't work.

---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend

On Friday 30 January 2004 01:37 am, Paul Thomas wrote:[color=blue]
> On 30/01/2004 09:39 Susemail wrote:[color=green]
> > [snip]
> > In any case I don't have a pg_hba.conf file:[/color]
>
> You should have, unless you haven't done an initdb...
>[/color]
True, I hadn't done an initdb:

postgres@linux:/home/adriel> /usr/bin/initdb -D /usr/local/pgsql/data
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale en_US.

fixing permissions on existing directory /usr/local/pgsql/data... ok
creating directory /usr/local/pgsql/data/base... ok
creating directory /usr/local/pgsql/data/global... ok
creating directory /usr/local/pgsql/data/pg_xlog... ok
creating directory /usr/local/pgsql/data/pg_clog... ok
selecting default max_connections... 100
selecting default shared_buffers... 1000
creating configuration files... ok
creating template1 database in /usr/local/pgsql/data/base/1... ok
initializing pg_shadow... ok
enabling unlimited row size for system tables... ok
initializing pg_depend... ok
creating system views... ok
loading pg_description... ok
creating conversions... ok
setting privileges on built-in objects... ok
creating information schema... ok
vacuuming database template1... ok
copying template1 to template0... ok

Success. You can now start the database server using:

Still not able to authenticate:

postgres@linux:/home/adriel> /usr/bin/postmaster -D /usr/local/pgsql/data
LOG: database system was shut down at 2004-01-30 08:47:05 HST
LOG: checkpoint record is at 0/9B1058
LOG: redo record is at 0/9B1058; undo record is at 0/0; shutdown TRUE
LOG: next transaction ID: 534; next OID: 17142
LOG: database system is ready
FATAL: IDENT authentication failed for user "adriel"
FATAL: IDENT authentication failed for user "adriel"
FATAL: IDENT authentication failed for user "postgres"
FATAL: IDENT authentication failed for user "postgres"

My pg_hba.conf file configuration: Is it correct?

# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD

local all all trust
# IPv4-style local connections:
#host all all 127.0.0.1 255.255.255.255 trust
# IPv6-style local connections:
#host all all ::1
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff trust
#local all all ident
sameuser

This is my user list:

:~> psql -l
List of databases
Name | Owner | Encoding
-----------+----------+-----------
mydb | postgres | SQL_ASCII
mydb1 | adriel | SQL_ASCII
mydb2 | postgres | SQL_ASCII
template0 | postgres | SQL_ASCII
template1 | postgres | SQL_ASCII
test | postgres | SQL_ASCII
(6 rows)


So...what am I still doing wrong?
Thanks,
Jerome



---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to Join Bytes!

On Friday 30 January 2004 10:23 am, Jerome Lyles wrote:[color=blue]
> On Friday 30 January 2004 01:37 am, Paul Thomas wrote:[color=green]
> > On 30/01/2004 09:39 Susemail wrote:[color=darkred]
> > > [snip]
> > > In any case I don't have a pg_hba.conf file:[/color]
> >
> > You should have, unless you haven't done an initdb...[/color]
>
> True, I hadn't done an initdb:
>[/color]
[color=blue]
>
> Still not able to authenticate:
>
> FATAL: IDENT authentication failed for user "adriel"
> FATAL: IDENT authentication failed for user "postgres"
>[/color]
The problem turned out to be two copies of pg_hba. One in
"/usr/local/pgsql/data/pg_hba.conf" the other in
"/var/lib/pgsql/data/pg_hba.conf"
"/var/lib/pgsql/data/pg_hba.conf" is in the Root Directory of postgres on my
system so that's the one the system was using. I thought the system was
using the other one: "/usr/local/pgsql/data/pg_hba.conf", the only one I knew
about.
Thank you for helping me figure it out,
Jerome


---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster

On Friday 30 January 2004 02:11 pm, Paul Thomas wrote:[color=blue]
> On 30/01/2004 20:23 Jerome Lyles wrote:[color=green]
> > On Friday 30 January 2004 01:37 am, Paul Thomas wrote:[color=darkred]
> > > On 30/01/2004 09:39 Susemail wrote:
> > > > [snip]
> > > > In any case I don't have a pg_hba.conf file:
> > >
> > > You should have, unless you haven't done an initdb...[/color]
> >
> > True, I hadn't done an initdb:[/color][/color]
[color=blue][color=green]
> > So...what am I still doing wrong?
> > Thanks,
> > Jerome[/color]
>
> You've got me really confused here. If you hadn't done an initdb and
> couldn't connect to the postmaster how come you managed to create several
> databases?[/color]

I did solve the problem, turns out there were two copies of pg_hba.conf.
As to how this was possible I don't know. If I did it earlier whatever I did
left "/usr/local/pgsql/data/" empty.


---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to Join Bytes!