Lists: | pgsql-hackers |
---|
From: | Rafael Martinez <r(dot)m(dot)guerrero(at)usit(dot)uio(dot)no> |
---|---|
To: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | ident changes between 8.3 and 8.4 |
Date: | 2009-11-05 13:49:30 |
Message-ID: | 4AF2D7EA.3010206@usit.uio.no |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-hackers |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello
We have been using for years and without problems local ident
autentification in the database for our user postgres.
These are the values that we have been using until version 8.3:
pg_hba.conf:
- ------------
local all postgres ident sameuser
pg_ident.conf:
- --------------
sameuser postgres postgres
With 8.4, we get this error if we use a map named 'sameuser'.
- -----------------------------------------------------------
FATAL: Ident authentication failed for user "postgres"
LOG: no match in usermap for user "postgres" authenticated as "postgres"
CONTEXT: usermap "sameuser"
- -----------------------------------------------------------
These are the values used with 8.4:
pg_hba.conf:
- ------------
local all postgres ident map=sameuser
pg_ident.conf:
- --------------
sameuser postgres postgres
After some investigation, we have found out that everything works
without problems if we change the mapname used by ident to something
different than 'sameuser'.
Is this a bug or have we decided this behavior? I can not find any
documentation explaining that 'sameuser' is not a valid mapname.
regards,
- --
Rafael Martinez, <r(dot)m(dot)guerrero(at)usit(dot)uio(dot)no>
Center for Information Technology Services
University of Oslo, Norway
PGP Public Key: http://folk.uio.no/rafael/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFK8tesBhuKQurGihQRAlYJAKCj079582JocEUoIZfCLbqmsFeo0gCeMdYs
AifiS+Giu8M0r8SJLUYoEyM=
=e+Vz
-----END PGP SIGNATURE-----
From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Rafael Martinez <r(dot)m(dot)guerrero(at)usit(dot)uio(dot)no> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: ident changes between 8.3 and 8.4 |
Date: | 2009-11-05 14:18:20 |
Message-ID: | 9837222c0911050618i2f2c1a33k1ff7bd7abbefcc@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-hackers |
On Thu, Nov 5, 2009 at 14:49, Rafael Martinez <r(dot)m(dot)guerrero(at)usit(dot)uio(dot)no> wrote:
> Hash: SHA1
>
> Hello
>
> We have been using for years and without problems local ident
> autentification in the database for our user postgres.
>
> These are the values that we have been using until version 8.3:
> pg_hba.conf:
> - ------------
> local all postgres ident sameuser
>
> pg_ident.conf:
> - --------------
> sameuser postgres postgres
>
> With 8.4, we get this error if we use a map named 'sameuser'.
> - -----------------------------------------------------------
> FATAL: Ident authentication failed for user "postgres"
> LOG: no match in usermap for user "postgres" authenticated as "postgres"
> CONTEXT: usermap "sameuser"
> - -----------------------------------------------------------
>
> These are the values used with 8.4:
> pg_hba.conf:
> - ------------
> local all postgres ident map=sameuser
>
> pg_ident.conf:
> - --------------
> sameuser postgres postgres
>
> After some investigation, we have found out that everything works
> without problems if we change the mapname used by ident to something
> different than 'sameuser'.
>
> Is this a bug or have we decided this behavior? I can not find any
> documentation explaining that 'sameuser' is not a valid mapname.
To make 8.4 behave like the previous "ident sameuser" way, just put
"ident". No map is needed.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
---|---|
To: | Magnus Hagander <magnus(at)hagander(dot)net> |
Cc: | Rafael Martinez <r(dot)m(dot)guerrero(at)usit(dot)uio(dot)no>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: ident changes between 8.3 and 8.4 |
Date: | 2009-11-05 14:37:37 |
Message-ID: | 4AF2E331.3010102@dunslane.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-hackers |
Magnus Hagander wrote:
> On Thu, Nov 5, 2009 at 14:49, Rafael Martinez <r(dot)m(dot)guerrero(at)usit(dot)uio(dot)no> wrote:
>
>> Hash: SHA1
>>
>> Hello
>>
>> We have been using for years and without problems local ident
>> autentification in the database for our user postgres.
>>
>> These are the values that we have been using until version 8.3:
>> pg_hba.conf:
>> - ------------
>> local all postgres ident sameuser
>>
>> pg_ident.conf:
>> - --------------
>> sameuser postgres postgres
>>
>> With 8.4, we get this error if we use a map named 'sameuser'.
>> - -----------------------------------------------------------
>> FATAL: Ident authentication failed for user "postgres"
>> LOG: no match in usermap for user "postgres" authenticated as "postgres"
>> CONTEXT: usermap "sameuser"
>> - -----------------------------------------------------------
>>
>> These are the values used with 8.4:
>> pg_hba.conf:
>> - ------------
>> local all postgres ident map=sameuser
>>
>> pg_ident.conf:
>> - --------------
>> sameuser postgres postgres
>>
>> After some investigation, we have found out that everything works
>> without problems if we change the mapname used by ident to something
>> different than 'sameuser'.
>>
>> Is this a bug or have we decided this behavior? I can not find any
>> documentation explaining that 'sameuser' is not a valid mapname.
>>
>
> To make 8.4 behave like the previous "ident sameuser" way, just put
> "ident". No map is needed.
>
And it is documented in the release notes:
<http://www.postgresql.org/docs/current/static/release-8-4.html>, which
the OP should have read when upgrading.
cheers
andrew
From: | Tommy Gildseth <tommy(dot)gildseth(at)usit(dot)uio(dot)no> |
---|---|
To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Rafael Martinez <r(dot)m(dot)guerrero(at)usit(dot)uio(dot)no>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: ident changes between 8.3 and 8.4 |
Date: | 2009-11-05 15:01:57 |
Message-ID: | 4AF2E8E5.1010600@usit.uio.no |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-hackers |
Andrew Dunstan skrev:
>
>>
>> To make 8.4 behave like the previous "ident sameuser" way, just put
>> "ident". No map is needed.
>>
>
>
> And it is documented in the release notes:
> <http://www.postgresql.org/docs/current/static/release-8-4.html>, which
> the OP should have read when upgrading.
Except this isn't backwards compatible, in the sense that leaving out
sameuser on version 8.3 will give a different behaviour. This means that
the script we are using to generate the pg_hba.conf file, needs to know
about the version of postgres it's generating the pg_hba.conf file for.
So, the problem isn't in the fact that the syntax has been changed, but
in the fact that you can't use sameuser as the mapname.
--
Tommy Gildseth
DBA, Gruppe for databasedrift
Universitetet i Oslo, USIT
m: +47 45 86 38 50
t: +47 22 85 29 39
From: | Rafael Martinez <r(dot)m(dot)guerrero(at)usit(dot)uio(dot)no> |
---|---|
To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: ident changes between 8.3 and 8.4 |
Date: | 2009-11-05 15:08:58 |
Message-ID: | 4AF2EA8A.80703@usit.uio.no |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-hackers |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Andrew Dunstan wrote:
>
>
>>> Is this a bug or have we decided this behavior? I can not find any
>>> documentation explaining that 'sameuser' is not a valid mapname.
>>>
>> To make 8.4 behave like the previous "ident sameuser" way, just put
>> "ident". No map is needed.
>>
> And it is documented in the release notes:
> <http://www.postgresql.org/docs/current/static/release-8-4.html>, which
> the OP should have read when upgrading.
>
>
Hei
The release note was read some time ago and it was most probably
misinterpreted.
The release note says:
"Change all authentication options to use name=value syntax"
"Remove the ident sameuser option, instead making that behavior the
default if no usermap is specified"
It says that 'ident sameuser' have been removed, but it does not say
anything about "ident map=sameuser" not being a valid way of defining a
mapname = sameuser.
I still cannot find any references to this under:
19.2. Username maps
19.3.6. Ident-based authentication
Anyway, we know the reason of this behavior now, so this is not a
problem for us anymore, although it could be confusing for others.
regards,
- --
Rafael Martinez, <r(dot)m(dot)guerrero(at)usit(dot)uio(dot)no>
Center for Information Technology Services
University of Oslo, Norway
PGP Public Key: http://folk.uio.no/rafael/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFK8uqIBhuKQurGihQRAhZjAKCVJpZ5x0oXXQ2+cfp5TJizl5jj1ACfaTb0
agXmanpgeo94RWP33drqNJY=
=2OkL
-----END PGP SIGNATURE-----