On Fri, 5 Dec 2003, PostgreSQL Bugs List wrote: > I use "ident sameuser" authentication. Here are the relevant details from > pg_hba.conf. > > local all all ident sameuser > host all all 127.0.0.1 255.255.255.255 ident sameuser > host all all 0.0.0.0 0.0.0.0 reject > > All is well with psql authentication. However, when I tried to > use knoda/hk_classes to access the database, I could not get > authenticated. A typical error message was IDENT authentication failed > for user "irwin". When I traced this down through the hk_classes code > it was using PQconnectdb to connnect to the database, and there were > complaints in the postgresql log that the identd server was not > available. All knoda/hk_classes/PQconnectdb problems disappeared when I > installed identd (apt-get install pidentd) on my Debian stable system. > So all seems well when identd is installed, but there may be a security > concern with psql when it is not. On the other hand, if psql is > actually secure when identd is not running, then why isn't PQconnectdb > using the exact same (secure) method of authentication for this case?
My first guess is that knoda/hk_classes was going to 127.0.0.1 and psql was going through the local socket. local/ident is different from host/ident (see the section on ident authentication), the latter requires an ident server, the former does not. ---------------------------(end of broadcast)--------------------------- TIP 7: don't forget to increase your free space map settings
