Re: No pg_hba.conf entry for host localhost (was: Re:

From: <ogjunk-pg(at)yahoo(dot)com>
To: PostgreSQL <pgsql-general(at)postgresql(dot)org>
Subject: Re: No pg_hba.conf entry for host localhost (was: Re:
Date: 2004-03-24 13:25:02
Message-ID: 20040324132502.44661.qmail@web12703.mail.yahoo.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Hello,

Yes, I did add such an entry to pg_hba.conf:

local MYDB otis md5

However, how secure is that?
Is this considered secure?

I suppose that if a cracker has broken into the DB server, he can
always damage the DB by removing DB files, or he can steal them by
copying DB files, and does not need to connect to DB as a client.

But still.... is this considered secure?

Thanks,
Otis

--- Dexter Tad-y <dexterbt1(at)my(dot)smart(dot)com(dot)ph> wrote:
> Hi,
> I am not sure but have you tried adding to your pg_hosts.conf
> the following form:
>
> #local DATABASE USER METHOD [OPTION]
> local MYDB otis md5
>
> Cheers!
>
> Dexter Tad-y
>
> On Wed, 2004-03-24 at 18:37, ogjunk-pg(at)yahoo(dot)com wrote:
> > Hello,
> >
> > Thank you - this morning I managed to create both a DB user and a
> DB.
> >
> > However, I am still puzzled by this error that I am getting now:
> >
> > [otis]$ psql MYDB
> > psql: FATAL: No pg_hba.conf entry for host localhost, user otis,
> > database MYDB
> >
> > On the other hand, "psql -h 127.0.0.1 MYDB" works!
> >
> > Here is the relevant data:
> >
> > # pg_hba.conf (entering 'localhost' instead of 127.0.0.1 doesn't
> work)
> > host MYDB otis 127.0.0.1 255.255.255.0 md5
> >
> > $ grep localhost /etc/hosts
> > 127.0.0.1 localhost.localdomain localhost
> >
> > $ hostname -i
> > MY.IP.IS.HERE (real, external IP, not 127....)
> >
> >
> > All I am trying to do is this:
> >
> > - Don't allow external connections
> > (got firewall, too, but multiple layers of security shouldn't
> hurt)
> > - Require even the local client to use username/password
> > authentication with md5
> >
> > Thanks,
> > Otis
> >
> >
> > --- "Nigel J. Andrews" <nandrews(at)investsystems(dot)co(dot)uk> wrote:
> > > On Tue, 23 Mar 2004 ogjunk-pg(at)yahoo(dot)com wrote:
> > >
> > > > Hello,
> > > >
> > > > I have created PostgreSQL databases and users a number of
> times,
> > > but
> > > > I'm having trouble with that on a new server with Postgresql
> 7.3.4.
> > > >
> > > > I am trying to create a DB user (createuser) and a database
> itself
> > > > (createdb):
> > > >
> > > > bash-2.05b$ whoami
> > > > postgres
> > > >
> > > > bash-2.05b$ tail -5 ~postgres/data/pg_hba.conf
> > > > host all all MY.IP.IS.HERE 255.255.255.255 md5
> > > >
> > > > bash-2.05b$ createuser -h MY.IP.IS.HERE otis
> > > > Shall the new user be allowed to create databases? (y/n) n
> > > > Shall the new user be allowed to create more new users? (y/n) n
> > > > Password:
> > > > psql: FATAL: Password authentication failed for user
> "postgres"
> > > >
> > > > createuser: creation of user "otis" failed
> > > >
> > > > -- Question: what password am I supposed to enter here?
> > > > -- I suppose it's the postgres user's _DB_ password - but how
> do I
> > > know
> > > > what it is? I didn't set it.
> > >
> > > Well you need to connect as a user with create user priviledges,
> i.e.
> > > a db
> > > superuser, in order to create your new user. If there isn't such
> a
> > > user you
> > > know the password for you'll have to ask the dba to do it for
> you.
> > >
> > > If you are the dba then you must already know the postgres
> password.
> > > If you
> > > have forgotten the password temporarily change md5 to trust in
> the
> > > pg_hba.conf
> > > file, restart the server and change the superusers password to a
> new
> > > one. Don't
> > > forget to restart the server after changing the pg_hba.conf entry
> > > back to md5.
> > >
> > > Alternatively, check that the localhost entry isn't already set
> to
> > > trust and
> > > just don't specify the server ip address for the commands. If it
> > > isn't set to
> > > trust already do the md5 --> trust --> md5 thing with that entry
> > > instead of the
> > > one above. (From the use of MY.IP.IS.HERE in your snippets I
> presume
> > > you are
> > > running these utilities on the same system as the server is
> running).
> > >
> > >
> > > >
> > > > bash-2.05b$ createdb -h MY.IP.IS.HERE simpydev
> > > > Password:
> > > > psql: FATAL: Password authentication failed for user
> "postgres"
> > > >
> > > > createdb: database creation failed
> > > >
> > > > -- Question: what password am I supposed to enter here?
> > >
> > > Same as for createuser
> > >
> > > >
> > > >
> > > > Thank you,
> > > > Otis
> > >
> >
> >
> > ---------------------------(end of
> broadcast)---------------------------
> > TIP 1: subscribe and unsubscribe commands go to
> majordomo(at)postgresql(dot)org
>
>
> ---------------------------(end of
> broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
> http://archives.postgresql.org

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Tatsuo Ishii 2004-03-24 14:15:43 Re: unicode error and problem
Previous Message Dexter Tad-y 2004-03-24 13:14:42 [REPOST] Re: No pg_hba.conf entry for host localhost (was: Re: