Discussion:
any postgres gurus here?
Robin Paulson
2011-03-08 00:53:06 UTC
Permalink
i'm setting up a postgres database to use as a backend for project
open, a project management package on ubuntu.

the setup demands config in:
/etc/postgresql/8.3/main/pg_hba.conf

as follows:
------------------------------------------------------------------------------------
#IPV4 local connections
host all all 127.0.0.1/32 ident sameuser
------------------------------------------------------------------------------------

which appears correct from postgres documentation [1]. but postgres
fails on re-start:
=============================================
2011-03-09 03:02:08 NZDT CONTEXT: line 77 of configuration file
"/etc/postgresql/8.4/main/pg_hba.conf"
2011-03-09 03:02:08 NZDT LOG: authentication option not in name=value
format: sameuser

2011-03-09 03:02:08 NZDT CONTEXT: line 84 of configuration file
"/etc/postgresql/8.4/main/pg_hba.conf"
2011-03-09 03:02:08 NZDT FATAL: could not load pg_hba.conf
=============================================

i don't understand the request for a name=value format, why is it required here?

i'm not entirely sure what "sameuser" resolves to in reality - i
assume it is a variable which points to something else

[1] http://k12linux.mesd.k12.or.us/docs/postgres/client-authentication.html

thanks
--
robin

http://tangleball.org.nz/ - Auckland's Creative Space
http://openstreetmap.org.nz/ - Open Street Map New Zealand
http://bumblepuppy.org/blog/

_______________________________________________
NZLUG mailing list ***@linux.net.nz
http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
Steve Holdoway
2011-03-08 01:09:48 UTC
Permalink
can you post the complete pg_hba.conf - or just lines 77 and 84?

sameuser is when you're connecting to the database as bert, and you're
also logged in as bert ( not that simple, but you get the idea (: ) you
don't need a password.

Edit: may have found the problem. You're running 8.4, not 8.3, so
editing the 8.3 conf file will have no effect (:

Steve
Post by Robin Paulson
i'm setting up a postgres database to use as a backend for project
open, a project management package on ubuntu.
/etc/postgresql/8.3/main/pg_hba.conf
------------------------------------------------------------------------------------
#IPV4 local connections
host all all 127.0.0.1/32 ident sameuser
------------------------------------------------------------------------------------
which appears correct from postgres documentation [1]. but postgres
=============================================
2011-03-09 03:02:08 NZDT CONTEXT: line 77 of configuration file
"/etc/postgresql/8.4/main/pg_hba.conf"
2011-03-09 03:02:08 NZDT LOG: authentication option not in name=value
format: sameuser
2011-03-09 03:02:08 NZDT CONTEXT: line 84 of configuration file
"/etc/postgresql/8.4/main/pg_hba.conf"
2011-03-09 03:02:08 NZDT FATAL: could not load pg_hba.conf
=============================================
i don't understand the request for a name=value format, why is it required here?
i'm not entirely sure what "sameuser" resolves to in reality - i
assume it is a variable which points to something else
[1] http://k12linux.mesd.k12.or.us/docs/postgres/client-authentication.html
thanks
--
Steve Holdoway BSc(Hons) MNZCS <***@greengecko.co.nz>
http://www.greengecko.co.nz
MSN: ***@greengecko.co.nz
Skype: sholdowa
Robin Paulson
2011-03-08 01:15:49 UTC
Permalink
Post by Steve Holdoway
can you post the complete pg_hba.conf - or just lines 77 and 84?
the relevant parts (all the other bits are #'d out)

line 77 is the first line

line 84 is the IPv4 part

================================================
local all postgres ident sameuser

# TYPE DATABASE USER CIDR-ADDRESS METHOD

# "local" is for Unix domain socket connections only
local all all ident sameuser
# IPv4 local connections:
host all all 127.0.0.1/32 ident sameuser
# IPv6 local connections:
host all all ::1/128 md5
================================================
Post by Steve Holdoway
sameuser is when you're connecting to the database as bert, and you're
also logged in as bert ( not that simple, but you get the idea (: ) you
don't need a password.
i see, got it. i think. so, i need to start postgres as user
'postgres', rather than my logon (with sudo rights)
Post by Steve Holdoway
Edit: may have found the problem. You're running 8.4, not 8.3, so
ha, well spotted, but i got that right - i posted the wrong file name
in the email. i do have 8.4 installed, and am editing the 8.4 config
file
--
robin

http://tangleball.org.nz/ - Auckland's Creative Space
http://openstreetmap.org.nz/ - Open Street Map New Zealand
http://bumblepuppy.org/blog/

_______________________________________________
NZLUG mailing list ***@linux.net.nz
http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
Nevyn
2011-03-08 01:31:04 UTC
Permalink
Post by Robin Paulson
Post by Steve Holdoway
can you post the complete pg_hba.conf - or just lines 77 and 84?
the relevant parts (all the other bits are #'d out)
line 77 is the first line
line 84 is the IPv4 part
================================================
local   all         postgres                          ident sameuser
http://postgresql.1045698.n5.nabble.com/ident-changes-between-8-3-and-8-4-td1977568.html

Apparently the configuration file changed a little between 8.3 and
8.4. You no longer need "sameuser". Sameuser is instead the default if
no map is defined.

(I think my beard just grew a little :p)

Regards,
Nevyn
http://nevsramblings.blogspot.com/

_______________________________________________
NZLUG mailing list ***@linux.net.nz
http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
Cliff Pratt
2011-03-08 06:43:38 UTC
Permalink
Post by Robin Paulson
Post by Steve Holdoway
can you post the complete pg_hba.conf - or just lines 77 and 84?
the relevant parts (all the other bits are #'d out)
line 77 is the first line
line 84 is the IPv4 part
================================================
local all postgres ident sameuser
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all ident sameuser
host all all 127.0.0.1/32 ident sameuser
host all all ::1/128 md5
================================================
Post by Steve Holdoway
sameuser is when you're connecting to the database as bert, and you're
also logged in as bert ( not that simple, but you get the idea (: ) you
don't need a password.
i see, got it. i think. so, i need to start postgres as user
'postgres', rather than my logon (with sudo rights)
Nooooooo! Use the init script.
Post by Robin Paulson
Post by Steve Holdoway
Edit: may have found the problem. You're running 8.4, not 8.3, so
ha, well spotted, but i got that right - i posted the wrong file name
in the email. i do have 8.4 installed, and am editing the 8.4 config
file
I doubt you have an ident server do you?

Assuming you aren't connecting to the postgres from another server, then
you are probably connecting locally, so you need something like:

local all postgres trust
local webstats webstats password
local all all ident

First line says trust the postgres user, that is no password.

Second line says let webstats user connect to the webstats db by giving
a password.

Third line - anybody else should be identified by the ident server
(assuming you have one) on the same machine.

Cheers,

Cliff

_______________________________________________
NZLUG mailing list ***@linux.net.nz
http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
Daniel Lawson
2011-03-08 07:14:15 UTC
Permalink
Post by Cliff Pratt
I doubt you have an ident server do you?
Assuming you aren't connecting to the postgres from another server,
local all postgres trust
local webstats webstats password
local all all ident
First line says trust the postgres user, that is no password.
Second line says let webstats user connect to the webstats db by
giving a password.
Third line - anybody else should be identified by the ident server
(assuming you have one) on the same machine.
"local" connections will default to using a unix domain socket (as
opposed to "host ... 127.0.0.1" or similar connections, which will use
TCP/IP to localhost). An identd server isn't required when using domain
sockets, as postgres can work out your uid directly.

_______________________________________________
NZLUG mailing list ***@linux.net.nz
http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
Cliff Pratt
2011-03-08 09:49:01 UTC
Permalink
Post by Daniel Lawson
Post by Cliff Pratt
I doubt you have an ident server do you?
Assuming you aren't connecting to the postgres from another server,
local all postgres trust
local webstats webstats password
local all all ident
First line says trust the postgres user, that is no password.
Second line says let webstats user connect to the webstats db by
giving a password.
Third line - anybody else should be identified by the ident server
(assuming you have one) on the same machine.
"local" connections will default to using a unix domain socket (as
opposed to "host ... 127.0.0.1" or similar connections, which will use
TCP/IP to localhost). An identd server isn't required when using domain
sockets, as postgres can work out your uid directly.
Ah OK. I've rarely used unix domain sockets even when accessing a PG
server on the same box.

Cheers,

Cliff

_______________________________________________
NZLUG mailing list ***@linux.net.nz
http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug

Continue reading on narkive:
Loading...