Re: JDBC connection issue

[Oliver Jowett <oliver(at)opencloud(dot)com>]

Blaine Simpson wrote:
> Oliver Jowett wrote:
>
> > Blaine Simpson wrote:
> >
> > > Oliver Jowett wrote:
> > >
> > > > Blaine Simpson wrote:
> > > >
> > > > > You don't need an ident server if you use "md5", you do need an 
> > > > > ident server if you
> > > > > use "trust".

To reiterate -- the second half of this statement is wrong.

> The reason I question the implication is not that I can't read, but 
> because I have tried to use
> psql (not JDBC) over tcpip sockets with "ident", and, what do you know, 
> just like Kris said,
> there were system log messages about ident failures.  This is because 
> identd is disabled on
> our servers and blocked by our firewalls.

Sure -- to use ident authentication over TCP/IP, you need an ident 
server. There's no disagreement there. But trust authentication is a 
completely separate mechanism. It does not require an ident server.

To make sure I wasn't going crazy, I just doublechecked against the 
7.4.1 server here. It does not make outgoing ident connections when 
accepting connections from an IP that is configured for 'trust'.

> > > But, as I've found in practice, and as Kris Jurka has pointed out, 
> > > you do have to satisfy ident
> > > protocol requirements to use trust with network sockets.

[... more about ident authentication needing an ident server ...]

I'm not disagreeing with you about ident authentication -- it's trust 
authentication we're talking about.

-O