Unix Technical Forum

ident authentication with named localhost

#1
David Link, 04-09-2008, 09:40 AM
ident authentication with named localhost

Hi,

I am having trouble with ident authentication. Everything is working
fine except when specifying host for connections on the local machine.

pg_hba.conf:

local all all ident wp
host all all 10.97.8.0/24 ident wp

pg_ident.conf:

wp dlink dlink
wp dlink firstalert
wp dlink postgres
wp dlink video
wp postgres postgres
wp wwwrun firstalert
wp wwwrun video

If the db is on mach1 and the Unix user is dlink the following works

dlink@mach1$ psql -d mydb -U postgres
dlink@mach2$ psql -d mydb -U postgres -h mach1 # from remote machine

While the following does not: (nor with perl DBI)

dlink@mach1$ psql -d mydb -U postgres -h mach1
dlink@mach1$ psql -d mydb -U postgres -h localhost
dlink@mach1$ psql -d mydb -U postgres -h 10.97.8.244
dlink@mach1$ psql -d mydb -U postgres -h 127.0.0.1

If I add the following to pg_hba.conf it works of course:

host all all 10.97.8.244/32 trust

But this does not:

host all all 10.97.8.244/32 ident wp.

If I try as the postgres Unix user then it works:

postgres@mach1$ psql -d mydb -U postgres -h mach1

We are using:
SUSE 9 / Linux 2.6.5-7
Postgresql 8.1
And LDAP.

The problem might be due to how identd works on localhost with LDAP.
The postgres user is found in /etc/passwd, while the dlink user is not.

Incidentally, get this, on a second machine (with same software) what's
described here as not working, works intermittently. Now it worked.
Now it didn't. For dlink user. Weird.

Does anyone know how I can test ident? I can telnet 10.97.8.244 113.
The server port I know is 5432, but what's the client port to give?

Any and all help greatly appreciated.
Thanks.
David Link





---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo@postgresql.org so that your
message can get through to the mailing list cleanly
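
On the "what's the client port to give?" question in the post above, an added example that is not part of the original thread: an RFC 1413 query names the port on identd's own machine first (the ephemeral port psql connected from) and the asking side's port second (5432), and the reply carries either a user name or an error code. The function names are hypothetical, the sample replies are constructed, and the map lines are copied from the post's pg_ident.conf.

```python
import re
import socket

# pg_ident.conf lines copied from the post (8.1 layout: MAP IDENT-USER PG-USER).
PG_IDENT = """\
wp dlink postgres
wp postgres postgres
wp wwwrun video
"""

REPLY_RE = re.compile(r"^\s*(\d+)\s*,\s*(\d+)\s*:\s*(USERID|ERROR)\s*:\s*(.*)$")

def build_query(client_port, server_port=5432):
    """RFC 1413 query: the port on identd's own host first, then the asker's port."""
    return f"{client_port},{server_port}\r\n".encode("ascii")

def parse_reply(line):
    """Return ('USERID', user) or ('ERROR', code); raise ValueError if malformed."""
    m = REPLY_RE.match(line.strip())
    if not m:
        raise ValueError(f"malformed ident reply: {line!r}")
    kind, rest = m.group(3), m.group(4)
    if kind == "ERROR":
        return "ERROR", rest.strip()          # e.g. NO-USER, INVALID-PORT
    _opsys, _, user = rest.partition(":")     # payload is "<opsys> : <user-id>"
    return "USERID", user.strip()

def map_allows(map_name, ident_user, pg_user, conf=PG_IDENT):
    """True if the named map pairs this ident user with this database user."""
    rows = (l.split() for l in conf.splitlines() if l.strip() and not l.startswith("#"))
    return any(r[:3] == [map_name, ident_user, pg_user] for r in rows)

def live_ident_user(host, pg_port=5432, timeout=5):
    """Same-host case only: run on the database machine as the user under test.
    identd matches on the address pair of the ident connection, so both
    connections must go to the same address."""
    with socket.create_connection((host, pg_port), timeout=timeout) as pg:
        client_port = pg.getsockname()[1]     # the "client port" asked about
        with socket.create_connection((host, 113), timeout=timeout) as ident:
            ident.sendall(build_query(client_port, pg_port))
            return parse_reply(ident.recv(1024).decode("ascii", "replace"))

if __name__ == "__main__":
    # Constructed replies, not captured from the poster's machines.
    print(parse_reply("40312 , 5432 : USERID : UNIX : dlink\r\n"))
    print(parse_reply("40312 , 5432 : ERROR : NO-USER\r\n"))
    print(map_allows("wp", "dlink", "postgres"))
```

An `ERROR` reply, or a `USERID` reply whose name has no matching line in the map, both end in a rejected login, so checking the two steps separately shows which side is failing.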

#2
Tom Lane, 04-09-2008, 09:40 AM
Re: ident authentication with named localhost

David Link <dlink@soundscan.com> writes:
> Does anyone know how I can test ident?


I'd try sniffing the IP traffic to and from it with a packet sniffer
and/or tracing the daemon's system calls with strace. Manually invoking
the daemon isn't going to prove a lot, you want to watch its reaction
to Postgres.

I believe some flavors of identd have debug tracing options, too
.... check the man page ...

regards, tom lane

#3
David Link, 04-09-2008, 09:43 AM
Re: ident authentication with named localhost

Tom Lane wrote:
> David Link <dlink@soundscan.com> writes:
>
>> Does anyone know how I can test ident?
>>

>
> I'd try sniffing the IP traffic to and from it with a packet sniffer
> and/or tracing the daemon's system calls with strace. Manually invoking
> the daemon isn't going to prove a lot, you want to watch its reaction
> to Postgres.
>

Thanks for your suggestion. I'm new to the concept of packet sniffing
and tracing. Can you suggest where I should go or what I should read to
better understand this?

> I believe some flavors of identd have debug tracing options, too
> ... check the man page ...
>

Too bad no one else has reported this and already found an answer.
Maybe I should move to md5 authentication, however I wanted to avoid
having to type passwords.

Thanks,



#4
Tom Lane, 04-09-2008, 09:43 AM
Re: ident authentication with named localhost

David Link <dlink@soundscan.com> writes:
> Thanks for your suggestion. I'm new to the concept of packet sniffing
> and tracing. Can you suggest where I should go or what I should read to
> better understand this?


"man strace" ... strace is probably easier to use for this purpose than
a packet sniffer, and it'll generate a more complete view of what the
daemon is doing, too.

regards, tom lane
