Participants
Ralph Smith
Ralph Smith
Andrej Ricnik-Bay
Andrej Ricnik-Bay
Tom Lane
Tom Lane
Attachments
Show all attachments
Thread Outline
#1Ralph SmithRalph Smith
Mar 05, 2008
#2Ralph SmithRalph Smithto Ralph Smith (#1)
Mar 05, 2008
#3...#4
Andrej Ricnik-BayTom Lane
to Ralph Smith (#1)
Mar 05, 2008
#3Andrej Ricnik-BayAndrej Ricnik-Bayto Ralph Smith (#1)
Mar 05, 2008
#4Tom LaneTom Laneto Andrej Ricnik-Bay (#3)
Mar 05, 2008

Requiring a password

Started by Ralph Smithabout 18 years ago4 messagesgeneral
Jump to latest
#1Ralph Smith
Ralph Smith
smithrn@washington.edu

I guess I'm missing something.

Question part A)

I have smithrn in ident.conf, and he can now connect as user airburst
to same-named DB.
I tested and before he couldn't.

But when i:
ALTER ROLE airburst WITH UNENCRYPTED PASSWORD 'maxwellsmart' ;
ALTER ROLE

Even after reloading and restarting the DB, which shouldn't be
necessary, smithrn still gets in w/o any password checks.
How come?

-----

Question part B)

I have SSL on, and all the client boxes also have it.
If I change HBA, how will / would I change my login?
As it is now, a particular user connects to a particular DB w/o any
password prompt.
e.g.: psql -U username dbname

Thank you!
Ralph Smith
=====================

#2Ralph Smith
Ralph Smith
smithrn@washington.edu
In reply to: Ralph Smith (#1)
Fwd: Requiring a password

I guess I'm missing something.

Question part A)

I have smithrn in ident.conf, and he can now connect as user airburst
to same-named DB.
I tested and before he couldn't.

But when i:
ALTER ROLE airburst WITH UNENCRYPTED PASSWORD 'maxwellsmart' ;
ALTER ROLE

Even after reloading and restarting the DB, which shouldn't be
necessary, smithrn still gets in w/o any password checks.
How come?

-----

Question part B)

I have SSL on, and all the client boxes also have it.
If I change HBA, how will / would I change my login?
As it is now, a particular user connects to a particular DB w/o any
password prompt.
e.g.: psql -U username dbname

Thank you!
Ralph Smith
=====================

#3Andrej Ricnik-Bay
Andrej Ricnik-Bay
andrej.groups@gmail.com
In reply to: Ralph Smith (#1)
Re: Requiring a password

On 06/03/2008, Ralph Smith <smithrn@washington.edu> wrote:

I guess I'm missing something.

Question part A)

Even after reloading and restarting the DB, which shouldn't be necessary,
smithrn still gets in w/o any password checks.
How come?

Impossible to answer w/o knowing any entries in your pg_hba.conf

Question part B)

I have SSL on, and all the client boxes also have it.
If I change HBA, how will / would I change my login?
As it is now, a particular user connects to a particular DB w/o any password
prompt.
e.g.: psql -U username dbname

To the best of my knowledge the authentication shouldn't
be affected by the transport ...

Thank you!

Ralph Smith

Cheers,
Andrej

--
Please don't top post, and don't use HTML e-Mail :} Make your quotes concise.

http://www.american.edu/econ/notes/htmlmail.htm

#4Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Andrej Ricnik-Bay (#3)
Re: Requiring a password

"Andrej Ricnik-Bay" <andrej.groups@gmail.com> writes:

On 06/03/2008, Ralph Smith <smithrn@washington.edu> wrote:

Even after reloading and restarting the DB, which shouldn't be necessary,
smithrn still gets in w/o any password checks.
How come?

Impossible to answer w/o knowing any entries in your pg_hba.conf

I think the OP expects the act of assigning a password to a particular
role to be enough to cause password authentication to be used. It's
not: you have to make sure that pg_hba.conf specifies that auth method.

regards, tom lane

← Back to Topics