Re: Remote acces zu Postgress: pg_hba.conf Fehler

[Carsten Schmid <Netz-Rack(dot)c(at)gmx(dot)net>]

A. Kretschmer schrieb:
> am  Mon, dem 06.11.2006, um 16:41:26 +0100 mailte Carsten Schmid folgendes:
> > Hallo,
> >
> > ich habe PostgreSQL auf einem freeBSD-Server installiert.  Der zugriff
> > über SSH/Putty funktioniert soweit. d.h. Der Datenbankuser existiert,
> > und die Datenbank schient zu funktionieren.
>
> Tut sie oder tut sie nur so scheinen? ;-)
>
> Also, kannst du Dich lokal mit psql anmelden?
>
>
> > Jetzt ist natürlich der zugang über SSH etwas sehr unbequem, und da
> > wollte ich pgAdmin III ausprobieren.
>
> Mit Zugang über SSH meinst Du jetzt aber schon psql, oder? Also das
> Kommandozeileninterface von PG?
>
>
> > Jedoch baut dieser keine Verbindung zur Datenbank auf, und bricht mit
> > der folgenden Fehlermeldung ab. "Error connecting to the Server.
> > FATAL: Missing or errornus pg_hba.conf file. HINT: Se server log for
> > details."
>
> PG nimmt erst mal nicht von überall und von jedem Verbindungen an. Das
> ist auch gut so. Ich *vermute* mal, Du willst übers Netz Verbindung
> aufnehmen. Dazu muß PG an TCP/IP lauschen _UND_ einen passenden Eintrag
> in der pg_hba.conf haben.
>
> 1. postgresql.conf, dort muß ein listen_addresses sein, auf welchen
> Adressen er lauscht. Du verwendest eine *hüstel* abgehangene Version,
> IIRC ist dort noch expliziet zu sagen, daß es an TCP/IP lauschen soll.
> Dein psql-CLI - Tool verbindet sich über einen lokalen Socket, es
> braucht kein TCP/IP (zumindest nicht, solange die Option -h localhost
> nicht gegeben wird. Ich *vermute* mal, würdest Du 'psql -h localhost'
> ausführen, käme evtl. auch schon der Fehler.
>
> Falls nicht, und es klappt:
> 2. in der ph_hba.conf passende Einträge machen. Die Datei ist an sich
> selbsterklärend.
>
>
> > zum anderen kann ich partout kein log-file für PostgreSQL finden
> > (/var/log/postgres existiert nicht). und das algemeine log-file des
> > rechners ist genau so gesprächig wie pgAdmin....
>
> Distri-Abhängig IIRC. Hier ist es
> /var/log/postgresql/postgresql-8.1-main.log
>
>
> > Vlt ist es noch hilfreich zu erwähnen, dass ich PostgreSQL 7.4
> > installiert habe. (OT: ist 8.1 schon stable genug oder war meine
> > Entscheidung richtig?)
>
> Ja, Nein.
>
>
> > Ich währe echt froh, wenn ich nach tagelangem googeln hier Hilfe
> > finden könnte...
>
>
> Na, das hoffen wir doch...
>
>
> Andreas



Hallo,

erstmal vielen Dank für eure schnellen Antworten.

Aufgrund der Klarheit eurer Kommentare hab ich mich entschlossen, der 
Datenbank ein Update zu verpassen, jetzt hab ich Version 8.1!

Wieder hab ich nach bestem Wissen und Gewissen die postgresqol.conf und 
die pg_hba.conf angepasst.
Der Zugang über psql klappt einwandfrei!!

Jedoch erhalte ich immer noch den selben Fehler:

FATAL: Missing or ...

auch habe ich dann einmal ausprobiert wie das Ganze klappt wenn ich vom 
localhost aus über TCP/IP komme  (psql -h localhost)
Hier erhielt ich wieder den bereits beschriebenen Fehler....

daraus schließe ich, das meine umsetzung eines Zugangs über TCP/IP 
irgendwie nicht so recht funktioniert...

Vielleicht hilft das Anfügen der geforderten Dateien pg_hba.conf & 
postgresql.conf  weiter??

MfG

Carsten

# -----------------------------
# PostgreSQL configuration file
# -----------------------------
#
# This file consists of lines of the form:
#
#   name = value
#
# (The '=' is optional.) White space may be used. Comments are introduced
# with '#' anywhere on a line. The complete list of option names and
# allowed values can be found in the PostgreSQL documentation. The
# commented-out settings shown in this file represent the default values.
#
# Please note that re-commenting a setting is NOT sufficient to revert it
# to the default value, unless you restart the postmaster.
#
# Any option can also be given as a command line switch to the
# postmaster, e.g. 'postmaster -c log_connections=on'. Some options
# can be changed at run-time with the 'SET' SQL command.
#
# This file is read on postmaster startup and when the postmaster
# receives a SIGHUP. If you edit the file on a running system, you have 
# to SIGHUP the postmaster for the changes to take effect, or use 
# "pg_ctl reload". Some settings, such as listen_addresses, require
# a postmaster shutdown and restart to take effect.


#---------------------------------------------------------------------------
# FILE LOCATIONS
#---------------------------------------------------------------------------

# The default values of these variables are driven from the -D command line
# switch or PGDATA environment variable, represented here as ConfigDir.

#data_directory = 'ConfigDir'		# use data in another directory
#hba_file = 'ConfigDir/pg_hba.conf'	# host-based authentication file
#ident_file = 'ConfigDir/pg_ident.conf'	# IDENT configuration file

# If external_pid_file is not explicitly set, no extra pid file is written.
#external_pid_file = '(none)'		# write an extra pid file


#---------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#---------------------------------------------------------------------------

# - Connection Settings -

listen_addresses = '*'		# what IP address(es) to listen on; 
					# comma-separated list of addresses;
					# defaults to 'localhost', '*' = all
port = 5432
max_connections = 40
# note: increasing max_connections costs ~400 bytes of shared memory per 
# connection slot, plus lock space (see max_locks_per_transaction).  You
# might also need to raise shared_buffers to support more connections.
#superuser_reserved_connections = 2
#unix_socket_directory = ''
#unix_socket_group = ''
#unix_socket_permissions = 0777		# octal
#bonjour_name = ''			# defaults to the computer name

# - Security & Authentication -

#authentication_timeout = 60		# 1-600, in seconds
#ssl = off
#password_encryption = on
#db_user_namespace = off

# Kerberos
#krb_server_keyfile = ''
#krb_srvname = 'postgres'
#krb_server_hostname = ''		# empty string matches any keytab entry
#krb_caseins_users = off

# - TCP Keepalives -
# see 'man 7 tcp' for details

#tcp_keepalives_idle = 0		# TCP_KEEPIDLE, in seconds;
					# 0 selects the system default
#tcp_keepalives_interval = 0		# TCP_KEEPINTVL, in seconds;
					# 0 selects the system default
#tcp_keepalives_count = 0		# TCP_KEEPCNT;
					# 0 selects the system default


#---------------------------------------------------------------------------
# RESOURCE USAGE (except WAL)
#---------------------------------------------------------------------------

# - Memory -

shared_buffers = 1000			# min 16 or max_connections*2, 8KB each
#temp_buffers = 1000			# min 100, 8KB each
#max_prepared_transactions = 5		# can be 0 or more
# note: increasing max_prepared_transactions costs ~600 bytes of shared memory
# per transaction slot, plus lock space (see max_locks_per_transaction).
#work_mem = 1024			# min 64, size in KB
#maintenance_work_mem = 16384		# min 1024, size in KB
#max_stack_depth = 2048			# min 100, size in KB

# - Free Space Map -

#max_fsm_pages = 20000			# min max_fsm_relations*16, 6 bytes each
#max_fsm_relations = 1000		# min 100, ~70 bytes each

# - Kernel Resource Usage -

#max_files_per_process = 1000		# min 25
#preload_libraries = ''

# - Cost-Based Vacuum Delay -

#vacuum_cost_delay = 0			# 0-1000 milliseconds
#vacuum_cost_page_hit = 1		# 0-10000 credits
#vacuum_cost_page_miss = 10		# 0-10000 credits
#vacuum_cost_page_dirty = 20		# 0-10000 credits
#vacuum_cost_limit = 200		# 0-10000 credits

# - Background writer -

#bgwriter_delay = 200			# 10-10000 milliseconds between rounds
#bgwriter_lru_percent = 1.0		# 0-100% of LRU buffers scanned/round
#bgwriter_lru_maxpages = 5		# 0-1000 buffers max written/round
#bgwriter_all_percent = 0.333		# 0-100% of all buffers scanned/round
#bgwriter_all_maxpages = 5		# 0-1000 buffers max written/round


#---------------------------------------------------------------------------
# WRITE AHEAD LOG
#---------------------------------------------------------------------------

# - Settings -

#fsync = on				# turns forced synchronization on or off
#wal_sync_method = fsync		# the default is the first option 
					# supported by the operating system:
					#   open_datasync
					#   fdatasync
					#   fsync
					#   fsync_writethrough
					#   open_sync
#full_page_writes = on			# recover from partial page writes
#wal_buffers = 8			# min 4, 8KB each
#commit_delay = 0			# range 0-100000, in microseconds
#commit_siblings = 5			# range 1-1000

# - Checkpoints -

#checkpoint_segments = 3		# in logfile segments, min 1, 16MB each
#checkpoint_timeout = 300		# range 30-3600, in seconds
#checkpoint_warning = 30		# in seconds, 0 is off

# - Archiving -

#archive_command = ''			# command to use to archive a logfile 
					# segment


#---------------------------------------------------------------------------
# QUERY TUNING
#---------------------------------------------------------------------------

# - Planner Method Configuration -

#enable_bitmapscan = on
#enable_hashagg = on
#enable_hashjoin = on
#enable_indexscan = on
#enable_mergejoin = on
#enable_nestloop = on
#enable_seqscan = on
#enable_sort = on
#enable_tidscan = on

# - Planner Cost Constants -

#effective_cache_size = 1000		# typically 8KB each
#random_page_cost = 4			# units are one sequential page fetch 
					# cost
#cpu_tuple_cost = 0.01			# (same)
#cpu_index_tuple_cost = 0.001		# (same)
#cpu_operator_cost = 0.0025		# (same)

# - Genetic Query Optimizer -

#geqo = on
#geqo_threshold = 12
#geqo_effort = 5			# range 1-10
#geqo_pool_size = 0			# selects default based on effort
#geqo_generations = 0			# selects default based on effort
#geqo_selection_bias = 2.0		# range 1.5-2.0

# - Other Planner Options -

#default_statistics_target = 10		# range 1-1000
#constraint_exclusion = off
#from_collapse_limit = 8
#join_collapse_limit = 8		# 1 disables collapsing of explicit 
					# JOINs


#---------------------------------------------------------------------------
# ERROR REPORTING AND LOGGING
#---------------------------------------------------------------------------

# - Where to Log -

log_destination = 'syslog'
#log_destination = 'stderr'		# Valid values are combinations of 
					# stderr, syslog and eventlog, 
					# depending on platform.

# This is used when logging to stderr:
#redirect_stderr = off			# Enable capturing of stderr into log 
					# files

# These are only used if redirect_stderr is on:
#log_directory = 'pg_log'		# Directory where log files are written
					# Can be absolute or relative to PGDATA
#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # Log file name pattern.
					# Can include strftime() escapes
#log_truncate_on_rotation = off # If on, any existing log file of the same 
					# name as the new log file will be
					# truncated rather than appended to. But
					# such truncation only occurs on
					# time-driven rotation, not on restarts
					# or size-driven rotation. Default is
					# off, meaning append to existing files
					# in all cases.
#log_rotation_age = 1440		# Automatic rotation of logfiles will 
					# happen after so many minutes.  0 to 
					# disable.
#log_rotation_size = 10240		# Automatic rotation of logfiles will 
					# happen after so many kilobytes of log
					# output.  0 to disable.

# These are relevant when logging to syslog:
#syslog_facility = 'LOCAL0'
#syslog_ident = 'postgres'


# - When to Log -

#client_min_messages = notice		# Values, in order of decreasing detail:
					#   debug5
					#   debug4
					#   debug3
					#   debug2
					#   debug1
					#   log
					#   notice
					#   warning
					#   error

#log_min_messages = notice		# Values, in order of decreasing detail:
					#   debug5
					#   debug4
					#   debug3
					#   debug2
					#   debug1
					#   info
					#   notice
					#   warning
					#   error
					#   log
					#   fatal
					#   panic

#log_error_verbosity = default		# terse, default, or verbose messages

#log_min_error_statement = panic	# Values in order of increasing severity:
				 	#   debug5
					#   debug4
					#   debug3
					#   debug2
					#   debug1
				 	#   info
					#   notice
					#   warning
					#   error
					#   panic(off)
				 
#log_min_duration_statement = -1	# -1 is disabled, 0 logs all statements
					# and their durations, in milliseconds.

silent_mode = on
#silent_mode = off			# DO NOT USE without syslog or 
					# redirect_stderr

# - What to Log -

#debug_print_parse = off
#debug_print_rewritten = off
#debug_print_plan = off
#debug_pretty_print = off
#log_connections = off
#log_disconnections = off
#log_duration = off
#log_line_prefix = ''			# Special values:
					#   %u = user name
					#   %d = database name
					#   %r = remote host and port
					#   %h = remote host
					#   %p = PID
					#   %t = timestamp (no milliseconds)
					#   %m = timestamp with milliseconds
					#   %i = command tag
					#   %c = session id
					#   %l = session line number
					#   %s = session start timestamp
					#   %x = transaction id
					#   %q = stop here in non-session 
					#        processes
					#   %% = '%'
					# e.g. '<%u%%%d> '
#log_statement = 'none'			# none, mod, ddl, all
#log_hostname = off


#---------------------------------------------------------------------------
# RUNTIME STATISTICS
#---------------------------------------------------------------------------

# - Statistics Monitoring -

#log_parser_stats = off
#log_planner_stats = off
#log_executor_stats = off
#log_statement_stats = off

# - Query/Index Statistics Collector -

#stats_start_collector = on
#stats_command_string = off
#stats_block_level = off
#stats_row_level = off
#stats_reset_on_server_start = off


#---------------------------------------------------------------------------
# AUTOVACUUM PARAMETERS
#---------------------------------------------------------------------------

#autovacuum = off			# enable autovacuum subprocess?
#autovacuum_naptime = 60		# time between autovacuum runs, in secs
#autovacuum_vacuum_threshold = 1000	# min # of tuple updates before
					# vacuum
#autovacuum_analyze_threshold = 500	# min # of tuple updates before 
					# analyze
#autovacuum_vacuum_scale_factor = 0.4	# fraction of rel size before 
					# vacuum
#autovacuum_analyze_scale_factor = 0.2	# fraction of rel size before 
					# analyze
#autovacuum_vacuum_cost_delay = -1	# default vacuum cost delay for 
					# autovac, -1 means use 
					# vacuum_cost_delay
#autovacuum_vacuum_cost_limit = -1	# default vacuum cost limit for 
					# autovac, -1 means use
					# vacuum_cost_limit


#---------------------------------------------------------------------------
# CLIENT CONNECTION DEFAULTS
#---------------------------------------------------------------------------

# - Statement Behavior -

#search_path = '$user,public'		# schema names
#default_tablespace = ''		# a tablespace name, '' uses
					# the default
#check_function_bodies = on
#default_transaction_isolation = 'read committed'
#default_transaction_read_only = off
#statement_timeout = 0			# 0 is disabled, in milliseconds

# - Locale and Formatting -

#datestyle = 'iso, mdy'
#timezone = unknown			# actually, defaults to TZ 
					# environment setting
#australian_timezones = off
#extra_float_digits = 0			# min -15, max 2
#client_encoding = sql_ascii		# actually, defaults to database
					# encoding

# These settings are initialized by initdb -- they might be changed
lc_messages = 'C'			# locale for system error message 
					# strings
lc_monetary = 'C'			# locale for monetary formatting
lc_numeric = 'C'			# locale for number formatting
lc_time = 'C'				# locale for time formatting

# - Other Defaults -

#explain_pretty_print = on
#dynamic_library_path = '$libdir'


#---------------------------------------------------------------------------
# LOCK MANAGEMENT
#---------------------------------------------------------------------------

#deadlock_timeout = 1000		# in milliseconds
#max_locks_per_transaction = 64		# min 10
# note: each lock table slot uses ~220 bytes of shared memory, and there are
# max_locks_per_transaction * (max_connections + max_prepared_transactions)
# lock table slots.


#---------------------------------------------------------------------------
# VERSION/PLATFORM COMPATIBILITY
#---------------------------------------------------------------------------

# - Previous Postgres Versions -

#add_missing_from = off
#regex_flavor = advanced		# advanced, extended, or basic
#sql_inheritance = on
#default_with_oids = off
#escape_string_warning = off

# - Other Platforms & Clients -

#transform_null_equals = off


#---------------------------------------------------------------------------
# CUSTOMIZED OPTIONS
#---------------------------------------------------------------------------

#custom_variable_classes = ''		# list of custom variable class names

# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the PostgreSQL Administrator's Guide, chapter "Client
# Authentication" for a complete description.  A short synopsis
# follows.
#
# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
# databases they can access.  Records take one of these forms:
#
# local      DATABASE  USER  METHOD  [OPTION]
# host       DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
# hostssl    DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
# hostnossl  DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
#
# (The uppercase items must be replaced by actual values.)
#
# The first field is the connection type: "local" is a Unix-domain socket,
# "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an
# SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket.
#
# DATABASE can be "all", "sameuser", "samerole", a database name, or
# a comma-separated list thereof.
#
# USER can be "all", a user name, a group name prefixed with "+", or
# a comma-separated list thereof.  In both the DATABASE and USER fields
# you can also write a file name prefixed with "@" to include names from
# a separate file.
#
# CIDR-ADDRESS specifies the set of hosts the record matches.
# It is made up of an IP address and a CIDR mask that is an integer
# (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies
# the number of significant bits in the mask.  Alternatively, you can write
# an IP address and netmask in separate columns to specify the set of hosts.
#
# METHOD can be "trust", "reject", "md5", "crypt", "password",
# "krb5", "ident", or "pam".  Note that "password" sends passwords
# in clear text; "md5" is preferred since it sends encrypted passwords.
#
# OPTION is the ident map or the name of the PAM service, depending on METHOD.
#
# Database and user names containing spaces, commas, quotes and other special
# characters must be quoted. Quoting one of the keywords "all", "sameuser" or
# "samerole" makes the name lose its special character, and just match a
# database or username with that name.
#
# This file is read on server startup and when the postmaster receives
# a SIGHUP signal.  If you edit the file on a running system, you have
# to SIGHUP the postmaster for the changes to take effect.  You can use
# "pg_ctl reload" to do that.

# Put your actual configuration here
# ----------------------------------
#
# If you want to allow non-local connections, you need to add more
# "host" records. In that case you will also need to make PostgreSQL listen
# on a non-local interface via the listen_addresses configuration parameter,
# or via the -i or -h command line switches.
#

# CAUTION: Configuring the system for local "trust" authentication allows
# any local user to connect as any PostgreSQL user, including the database
# superuser. If you do not trust all your local users, use another
# authentication method.


# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD

# "local" is for Unix domain socket connections only
local   all         all                               trust
# IPv4 local connections:
Host    all         all         127.0.0.1/32          trust


# IPv6 local connections:
Host    all         all         ::1/128               trust


#Aenderung am 7.11.06 - Zugriff ueber lokales Netz hinzugefuegt - C.Schmid
Hoast	all	all	192.168.2.0/24	trust