Interesting. This might be specific to CentOS 6 or caused by the options
passed to initdb when your postgresql cluster was created if done so
manually (e.g. "initdb --auth-host=ident"). Debian sets host auth for
localhost to md5 by default:
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
If you were relying on identd and it stopped responding, that would
explain the failure you observed. md5 auth seems much simpler and more
robust to me.
Kind regards,
Ben.
On 30/09/17 09:18, Baker, Matthew wrote:
The solution turned out to be in the pg_hba.conf file, but we're still not sure
how it got changed to stop accepting connection from ONLY the prod machine...
From my systems staff:
The issue turned out to be the pg_hba.conf files was restricting the
authentication method tomcat was trying to use.
This is what was in place originally:
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 ident
#host replication postgres ::1/128 ident
host all all 0.0.0.0/0 md5
I changed it to:
local all postgres peer
local all all md5
# IPv4 local connections:
#host all all 127.0.0.1/32 ident
# IPv6 local connections:
#host all all ::1/128 ident
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 ident
#host replication postgres ::1/128 ident
host all all 0.0.0.0/0 md5
Basically, I disabled IPv6, removed the 127.0.0.1/32 line (since it was conflicting with
the catch-all host at the bottom), and I changed the default line from peer to md5,
forcing the use of standard passwords for, and add the first "postgres" line to
allow trusted logins to that user when logged in as 'postgres'
Thanks!
-m
From: Baker, Matthew
Sent: Thursday, September 28, 2017 2:41 PM
To: 'geoserver-users@lists.sourceforge.net'
<geoserver-users@lists.sourceforge.net>
Subject: Publishing PostGIS layers - "ident authentication" failures
Hello all,
First time poster... hope this isn't too major a problem:
For some reason all of the sudden my production geoserver instance can't
connect to my postgis database, *BUT my development instance CAN*.
Prod was working fine yesterday.
(Here is the URL for the prod instance, in case anyone wants to have a look:
https://open-geo.dpsk12.org/geoserver/web/wicket/bookmarkable/org.geoserver.web.demo.MapPreviewPage?0)
Basically, all errors are throwing the same message:
FATAL: Ident authentication failed for user "dpsdata"
Unable to obtain connection: FATAL: Ident authentication failed for user
"dpsdata"
But again, why using my Dev instance, am I able to create a new workspace and a
new store and point to the same production database and have no issues?
I did some digging into the back-end of the postgresql configuration, and it
all looks good, and again the fact that Dev can connect just fine... I can use
the Dev geoserver to connect to the Prod database, make an edit in QGIS
directly to the Prod database, and see in the openlayers preview from Dev
showing the updated data.
I'm stumped!
All servers are running the following:
Dev: Geoserver 2.10
Prod: Geoserver 2.11
Servers: CentOS 6
Apache Tomcat
PostgreSQL: 9.5
PostGIS: 2.3.3
Thanks for any help you can give or suggestions for more troubleshooting.
-m
Matthew Baker
Sr. GIS Analyst
Department of Planning and Analysis
Denver Public Schools
matthew_ba...@dpsk12.org<mailto:matthew_ba...@dpsk12.org>
720-423-3419 / x33419
Denver Public Schools Shared Core Values:
Students First * Integrity * Equity * Collaboration * Accountability * Fun
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list
Please make sure you read the following two resources before posting to this
list:
- Earning your support instead of buying it, but Ian Turton:
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines:
http://geoserver.org/comm/userlist-guidelines.html
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
--
Ben Caradoc-Davies <b...@transient.nz>
Director
Transient Software Limited <http://transient.nz/>
New Zealand
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list
Please make sure you read the following two resources before posting to this
list:
- Earning your support instead of buying it, but Ian Turton:
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines:
http://geoserver.org/comm/userlist-guidelines.html
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
