Lists: | pgsql-general |
---|
From: | Ralph Smith <smithrn(at)washington(dot)edu> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Requiring a password |
Date: | 2008-03-05 18:28:19 |
Message-ID: | A21F45A0-3273-463E-9EC0-D3C2604E15A0@washington.edu |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-general |
I guess I'm missing something.
Question part A)
I have smithrn in ident.conf, and he can now connect as user airburst
to same-named DB.
I tested and before he couldn't.
But when i:
ALTER ROLE airburst WITH UNENCRYPTED PASSWORD 'maxwellsmart' ;
ALTER ROLE
Even after reloading and restarting the DB, which shouldn't be
necessary, smithrn still gets in w/o any password checks.
How come?
-----
Question part B)
I have SSL on, and all the client boxes also have it.
If I change HBA, how will / would I change my login?
As it is now, a particular user connects to a particular DB w/o any
password prompt.
e.g.: psql -U username dbname
Thank you!
Ralph Smith
=====================
From: | Ralph Smith <smithrn(at)washington(dot)edu> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Fwd: Requiring a password |
Date: | 2008-03-05 18:37:00 |
Message-ID: | 9B628605-4B78-433F-927C-BFCCC5997EE0@washington.edu |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-general |
I guess I'm missing something.
Question part A)
I have smithrn in ident.conf, and he can now connect as user airburst
to same-named DB.
I tested and before he couldn't.
But when i:
ALTER ROLE airburst WITH UNENCRYPTED PASSWORD 'maxwellsmart' ;
ALTER ROLE
Even after reloading and restarting the DB, which shouldn't be
necessary, smithrn still gets in w/o any password checks.
How come?
-----
Question part B)
I have SSL on, and all the client boxes also have it.
If I change HBA, how will / would I change my login?
As it is now, a particular user connects to a particular DB w/o any
password prompt.
e.g.: psql -U username dbname
Thank you!
Ralph Smith
=====================
From: | "Andrej Ricnik-Bay" <andrej(dot)groups(at)gmail(dot)com> |
---|---|
To: | "Ralph Smith" <smithrn(at)washington(dot)edu> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Requiring a password |
Date: | 2008-03-05 19:14:19 |
Message-ID: | b35603930803051114tdd4d4dbx5819e140b24cd8fa@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-general |
On 06/03/2008, Ralph Smith <smithrn(at)washington(dot)edu> wrote:
> I guess I'm missing something.
>
> Question part A)
>
> Even after reloading and restarting the DB, which shouldn't be necessary,
> smithrn still gets in w/o any password checks.
> How come?
Impossible to answer w/o knowing any entries in your pg_hba.conf
> Question part B)
>
> I have SSL on, and all the client boxes also have it.
> If I change HBA, how will / would I change my login?
> As it is now, a particular user connects to a particular DB w/o any password
> prompt.
> e.g.: psql -U username dbname
To the best of my knowledge the authentication shouldn't
be affected by the transport ...
> Thank you!
>
>
> Ralph Smith
Cheers,
Andrej
--
Please don't top post, and don't use HTML e-Mail :} Make your quotes concise.
From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | "Andrej Ricnik-Bay" <andrej(dot)groups(at)gmail(dot)com> |
Cc: | "Ralph Smith" <smithrn(at)washington(dot)edu>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: Requiring a password |
Date: | 2008-03-05 20:27:45 |
Message-ID: | 3233.1204748865@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-general |
"Andrej Ricnik-Bay" <andrej(dot)groups(at)gmail(dot)com> writes:
> On 06/03/2008, Ralph Smith <smithrn(at)washington(dot)edu> wrote:
>> Even after reloading and restarting the DB, which shouldn't be necessary,
>> smithrn still gets in w/o any password checks.
>> How come?
> Impossible to answer w/o knowing any entries in your pg_hba.conf
I think the OP expects the act of assigning a password to a particular
role to be enough to cause password authentication to be used. It's
not: you have to make sure that pg_hba.conf specifies that auth method.
regards, tom lane