Discussion: User authentication blues
Hi,

I have a 6.3.2 server, and I want to use password authentication.
So, I gave the user 'postgres' and some other user a password, and I put this
in my pg_hba.conf:

host all 127.0.0.1 255.255.255.255 password
host all 206.31.72.11 255.255.255.255 password

But I cannot connect this way using a password (psql -u). I can connect
if I set everything to 'trust', but in that case I can even fool
postgresql into thinking I'm user postgres while I'm logged on as the other
user by using password authentication and using 'postgres' as username
while supplying a fake password.

Am I doing something wrong here?

Maarten

_____________________________________________________________________________
| TU Delft, The Netherlands, Faculty of Information Technology and Systems  |
|                   Department of Electrical Engineering                    |
|           Computer Architecture and Digital Technique section             |
|                          M.Boekhold@et.tudelft.nl                         |
-----------------------------------------------------------------------------

Your pg_hba.conf listing does not include a password FILE - the format
is:

host  allowedDB's  IPaddys  mask  AUTHTYPE       PASSWORDFILE
                                  (such as       (such as
                                  "password",    "mypasswords")
                                  "trust", etc)

--
When I was seven years old, I was once reprimanded by my mother for an
act of collective brutality in which I had been involved at school. A
group of seven-year-olds had been teasing and tormenting a six-year-old.
"It is always so," my mother said. "You do things together which not one
of you would think of doing alone." ... Wherever one looks in the world
of human organization, collective responsibility brings a lowering of
moral standards. The military establishment is an extreme case, an
organization which seems to have been expressly designed to make it
possible for people to do things together which nobody in his right mind
would do alone.
-- Freeman Dyson, "Weapons and Hope"

Jeffrey Napolitano
Lowly Intern
Software Emancipation Technology

Maarten Boekhold wrote:
>
> Hi,
>
> I have a 6.3.2 server, and I want to use password authentication.
> So, I gave the user 'postgres' and some other user a password, and I put this
> in my pg_hba.conf:
>
> host all 127.0.0.1 255.255.255.255 password
> host all 206.31.72.11 255.255.255.255 password
>
> But I cannot connect this way using a password (psql -u). I can connect
> if I set everything to 'trust', but in that case I can even fool
> postgresql into thinking I'm user postgres while I'm logged on as the other
> user by using password authentication and using 'postgres' as username
> while supplying a fake password.
>
> Am I doing something wrong here?
>
> Maarten

On Thu, 30 Jul 1998, Jeffrey Napolitano wrote:

> Your pg_hba.conf listing does not include a password FILE - the format
> is:
>
> host  allowedDB's  IPaddys  mask  AUTHTYPE       PASSWORDFILE
>                                   (such as       (such as
>                                   "password",    "mypasswords")
>                                   "trust", etc)

AFAIK in the newer versions of PostgreSQL (6.3.2) this is not needed
anymore because the password is stored in a system table (pg_shadow, only
readable by the postgres superuser).

Maarten

On Thu, 30 Jul 1998, Maarten Boekhold wrote:

> Hi,
>
> I have a 6.3.2 server, and I want to use password authentication.
> So, I gave the user 'postgres' and some other user a password, and I put this
> in my pg_hba.conf:
>
> host all 127.0.0.1 255.255.255.255 password
> host all 206.31.72.11 255.255.255.255 password
>
> But I cannot connect this way using a password (psql -u). I can connect
> if I set everything to 'trust', but in that case I can even fool
> postgresql into thinking I'm user postgres while I'm logged on as the other
> user by using password authentication and using 'postgres' as username
> while supplying a fake password.

I've figured out that if I use authtype 'crypt' in pg_hba.conf I can
connect to a database. I don't have to specify 'authtype=crypt' in my
perl-script, 'authtype=passwd' works just fine. Only, I cannot use this to
connect from older clients (ie. a 6.2 system). Too bad.....

Maarten
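
Added example, not part of the original thread: a small auditor for `host` records in the field layout quoted above. It flags `trust` entries (the impersonation Maarten describes), cleartext `password` entries, and address/mask pairs that do not parse. The sample file, the severity labels and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the "host DB IP MASK AUTHTYPE [ARG]" layout from the thread.
SAMPLE_HBA = """\
host all 127.0.0.1    255.255.255.255 trust
host all 206.31.72.11 255.255.255.255 password
host all 206.31.72.0  255.255.255.0   crypt
host all 192.0.2.7    255.255.255.255 password mypasswords
host all 10.0.0.1     255.0.255.0     trust
"""

# Severity labels are this example's own; other auth types are reported as "unknown".
RISK = {
    "trust": ("high", "no credential check; any claimed user name is accepted"),
    "password": ("medium", "password is checked but crosses the network in clear text"),
    "crypt": ("low", "password is checked and sent crypt()-hashed"),
}

def parse_hba(text):
    """Return (lineno, network, authtype, arg) for every 'host' record."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not fields or fields[0] != "host":
            continue
        if len(fields) < 5:
            raise ValueError(f"line {lineno}: expected host DB IP MASK AUTHTYPE [ARG]")
        _, _db, ip, mask, authtype, *arg = fields
        try:
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        except ValueError:
            net = None  # e.g. a non-contiguous mask; flag it instead of guessing
        records.append((lineno, net, authtype, arg[0] if arg else None))
    return records

def audit(text):
    """Return (lineno, severity, message) findings, most severe first."""
    findings = []
    for lineno, net, authtype, _arg in parse_hba(text):
        severity, why = RISK.get(authtype, ("unknown", "auth type not covered here"))
        if net is None:
            severity, why = "high", "address/mask could not be parsed; " + why
        findings.append((lineno, severity, f"{authtype} for {net}: {why}"))
    return sorted(findings, key=lambda f: (["high", "medium", "low", "unknown"].index(f[1]), f[0]))

def auth_types_for(text, client_ip):
    """Auth types of every record whose address range contains client_ip."""
    addr = ipaddress.ip_address(client_ip)
    return [a for _, net, a, _ in parse_hba(text) if net is not None and addr in net]
```

`audit(SAMPLE_HBA)` lists the two `trust` records first; `auth_types_for` shows when one client address is covered by more than one record.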