Re: confirming security. - Mailing list pgsql-general

Ahhh yes....it is now...

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
# TYPE  DATABASE        USER            ADDRESS                 METHOD
# "local" is for Unix domain socket connections only
#local   all             all                                     trust
# IPv4 local connections:
#host    all             all             127.0.0.1/32            trust
# IPv6 local connections:
#host    all             all             ::1/128                 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     postgres-xc                                trust
#host    replication     postgres-xc        127.0.0.1/32            trust
#host    replication     postgres-xc        ::1/128                 trust
hostssl all             all             127.0.0.1/32            cert
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
And the result...

postgres-xc@adminuser-VirtualBox:~/coord$ psql -h localhost testdb
psql: FATAL:  connection requires a valid client certificate
FATAL:  no pg_hba.conf entry for host "127.0.0.1", user "postgres-xc", data=
base "testdb", SSL off

Thank you so much!

-----Original Message-----
From: Adrian Klaver [mailto:adrian.klaver@gmail.com]=20
Sent: Friday, February 22, 2013 10:58 AM
To: Maz Mohammadi
Cc: John R Pierce; pgsql-general@postgresql.org
Subject: Re: [GENERAL] confirming security.

On 02/22/2013 07:50 AM, Maz Mohammadi wrote:
> Thx John,
>
> It got me a long way.  I actually have a more complex installation (I
> think) that I originally thought on my test linux box.  Looks like all=20
> the files that I modify are under /var/lib/post../coord.
>
> I added the line.. to pg_hba.conf
>
> hostssl   all           all           127.0.0.1/32       cert
>
> and after restarting the coordinator node, it errored because I had to=20
> modify postgresql.conf (ssl=3Doff) .  So I feel that the server is now=20
> running in SSL mode.
>
> But when I used psql...I'm getting this....
>
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>
> postgres-xc@adminuser-VirtualBox:~/coord$ psql -h localhost testdb
>
> psql (PGXC 1.0.0, based on PG 9.1.4)
>
> SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
>
> Type "help" for help.
>
> testdb=3D# select 2+2;
>
> ?column?
>
> ----------
>
>          4
>
> (1 row)
>
> testdb=3D# \q
>
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>
> It's telling me it's through an SSL connection, but I didn't specify=20
> any keystore on my side for psql?  Does it pick it up from somewhere?
>
> Any help is greatly appreciated J
>
> Postgresql isn't half bad ;)
>

Is the above line from pg_hba.conf the only one in the file?

If not could you post the entire file contents?

Remember in pg_hba.conf first match wins.


--
Adrian Klaver
adrian.klaver@gmail.com