so why do I get a password error when i try to connect 2 users over VPN
from the same machine to the same host with the following settings in
pg_dba.conf - how to find the issue
( user1:user1pwd@<vpnip/database> & user2:user2pwd@<vpnip/database> )
# IPv4 external connections thru VPN
#TYPE DATABASE USER ADDRESS METHOD
host all all <ip> scram-sha-256
and whats the best option keeping security in mind
regards
Sanjay
On Fri, Feb 9, 2024 at 1:26 PM Daniel Gustafsson <dan...@yesql.se> wrote:
> > On 9 Feb 2024, at 08:41, Sanjay Minni <sanjay.mi...@gmail.com> wrote:
>
> > while trying to make multiple connects with different role names to a
> single database over VPN i faced a password error issue when trying to
> connect a send user
> > It seems I had to change this line in pg_hba.conf and it worked:
> >
> > `# IPv4 external connections thru VPN
> > #TYPE DATABASE USER ADDRESS METHOD
> > host all all <ip> trust ` <=(from the earlier
> scram-sha-256)
> >
> > is this the way and is this correct from a security point of view ?
>
> While correctness and security always needs to be evaluated from the
> specific
> needs of an installation, the odds are pretty good that "No" is the correct
> answer here. To quote the documentation on the "trust" setting:
>
> "Allow the connection unconditionally. This method allows anyone
> that
> can connect to the PostgreSQL database server to login as any
> PostgreSQL user they wish, without the need for a password or any
> other
> authentication."
>
> I would recommend immediately reverting back to the scram-sha-256 setting
> and
> figuring out why you were unable to login.
>
> --
> Daniel Gustafsson
>
>
