Thread

  1. User authentication blues

    Maarten Boekhold <maartenb@dutepp0.et.tudelft.nl> — 1998-07-30T09:46:34Z

    Hi,
    
    I have a 6.3.2 server, and I want to use password authentication.
    So, I gave the user 'postgres' and some other user a password, and I put this
    in my pg_hba.conf:
    
    host         all         127.0.0.1     255.255.255.255   password
    host         all         206.31.72.11  255.255.255.255   password
    
    But I cannot connect this way using a password (psql -u). I can connect
    if I set everything to 'trust', but in that case I can even fool
    posttresql in thinking I'm user postgres while I'm logged on as the other 
    user by using password authentication and using 'postgres' as username 
    while supplying a fake password.
    
    Am I doing something wrong here?
    
    Maarten
    
    _____________________________________________________________________________
    | TU Delft, The Netherlands, Faculty of Information Technology and Systems  |
    |                   Department of Electrical Engineering                    |
    |           Computer Architecture and Digital Technique section             |
    |                          M.Boekhold@et.tudelft.nl                         |
    -----------------------------------------------------------------------------
    
    
    
  2. Re: [GENERAL] User authentication blues

    Jeffrey Napolitano <jnapoli@setech.com> — 1998-07-30T16:10:59Z

    Your pg_hba.conf listing does not include a password FILE - the format
    is:
    
    host	allowedDB's	IPaddys		mask	AUTHTYPE	PASSWORDFILE
    						(such as	(such as
    						"password",	"mypasswords")
    						"trust", etc)
    -- 
    When I was seven years old, I was once reprimanded by my mother for an
    act of collective brutality in which I had been involved at school.  A
    group of seven-year-olds had been teasing and tormenting a
    six-year-old.  "It is always so," my mother said.  "You do things
    together which not one of you would think of doing alone."  ...
    Wherever one looks in the world of human organization, collective
    responsibility brings a lowering of moral standards.  The military
    establishment is an extreme case, an organization which seems to have
    been expressly designed to make it possible for people to do things
    together which nobody in his right mind would do alone.
                    -- Freeman Dyson, "Weapons and Hope"
    
    Jeffrey Napolitano
    Lowly Intern
    Software Emancipation Technology
    
    
    Maarten Boekhold wrote:
    > 
    > Hi,
    > 
    > I have a 6.3.2 server, and I want to use password authentication.
    > So, I gave the user 'postgres' and some other user a password, and I put this
    > in my pg_hba.conf:
    > 
    > host         all         127.0.0.1     255.255.255.255   password
    > host         all         206.31.72.11  255.255.255.255   password
    > 
    > But I cannot connect this way using a password (psql -u). I can connect
    > if I set everything to 'trust', but in that case I can even fool
    > posttresql in thinking I'm user postgres while I'm logged on as the other
    > user by using password authentication and using 'postgres' as username
    > while supplying a fake password.
    > 
    > Am I doing something wrong here?
    > 
    > Maarten
    > 
    > _____________________________________________________________________________
    > | TU Delft, The Netherlands, Faculty of Information Technology and Systems  |
    > |                   Department of Electrical Engineering                    |
    > |           Computer Architecture and Digital Technique section             |
    > |                          M.Boekhold@et.tudelft.nl                         |
    > -----------------------------------------------------------------------------
    
    
  3. Re: [GENERAL] User authentication blues

    Maarten Boekhold <maartenb@dutepp0.et.tudelft.nl> — 1998-07-30T18:28:13Z

    On Thu, 30 Jul 1998, Jeffrey Napolitano wrote:
    
    > Your pg_hba.conf listing does not include a password FILE - the format
    > is:
    > 
    > host	allowedDB's	IPaddys		mask	AUTHTYPE	PASSWORDFILE
    > 						(such as	(such as
    > 						"password",	"mypasswords")
    > 						"trust", etc)
    
    AFAIK in the newer versions of PostgreSQL (6.3.2) this is not needed 
    anymore because the password is stored in a system table (pg_shadow, only 
    readable by the postgres superuser).
    
    Maarten
    
    _____________________________________________________________________________
    | TU Delft, The Netherlands, Faculty of Information Technology and Systems  |
    |                   Department of Electrical Engineering                    |
    |           Computer Architecture and Digital Technique section             |
    |                          M.Boekhold@et.tudelft.nl                         |
    -----------------------------------------------------------------------------
    
    
    
  4. Re: [GENERAL] User authentication blues

    Maarten Boekhold <maartenb@dutepp2.et.tudelft.nl> — 1998-07-30T19:13:01Z

    On Thu, 30 Jul 1998, Maarten Boekhold wrote:
    
    > Hi,
    > 
    > I have a 6.3.2 server, and I want to use password authentication.
    > So, I gave the user 'postgres' and some other user a password, and I put this
    > in my pg_hba.conf:
    > 
    > host         all         127.0.0.1     255.255.255.255   password
    > host         all         206.31.72.11  255.255.255.255   password
    > 
    > But I cannot connect this way using a password (psql -u). I can connect
    > if I set everything to 'trust', but in that case I can even fool
    > posttresql in thinking I'm user postgres while I'm logged on as the other 
    > user by using password authentication and using 'postgres' as username 
    > while supplying a fake password.
    
    I've figured out that if I use authtype 'crypt' in pg_hba.conf I can 
    connect to a database. I don't have to specify 'authtype=crypt' in my 
    perl-script, 'authtype=passwd' works just fine. Only, I cannot use this 
    to connect from older clients (ie. a 6.2 system). Too bad.....
    
    Maarten
    
    _____________________________________________________________________________
    | TU Delft, The Netherlands, Faculty of Information Technology and Systems  |
    |                   Department of Electrical Engineering                    |
    |           Computer Architecture and Digital Technique section             |
    |                          M.Boekhold@et.tudelft.nl                         |
    -----------------------------------------------------------------------------