ident fails on win2k host...

Started by Robert J. Sanford, Jr. | over 24 years ago | 4 messages | general
#1 Robert J. Sanford, Jr.
rsanford@nolimitsystems.com

i have set up my win2k box with postgres with 7.1.3 cygwin pre-built. i have
opened a port in my firewall to allow postgres requests to go through. a
remote user is attempting to hit the box but is getting an ident error. in
the admin.pdf doc i find the following about ident authentication...

"The ident server on the client host is asked
for the identity of the connecting user.
Postgres then verifies whether the so identified
operating system user is allowed to connect as
the database user that is requested. This is only
available for TCP/IP connections. The
authentication option following the ident keyword
specifies the name of an ident map that specifies
which operating system users equate with which
database users. See below for details."

does ident authentication work under win2k?

if so, does this mean that i need to add my remote user as a user on my
win2k machine?

if so, what rights do they need to have? and do i need to configure my
firewall to allow a different port to be opened up?

if i cannot use ident based authentication under cygwin, how do i allow
remote users who are using the win32 ODBC driver to connect to the database?
should i switch to kerberos? if so, which version?

he'p me! he'p me! i been hyp-mo-tized!

many thanks,

rjsjr

#2 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Robert J. Sanford, Jr. (#1)
Re: [GENERAL] ident fails on win2k host...

"Robert J. Sanford, Jr." <rsanford@nolimitsystems.com> writes:

> does ident authentication work under win2k?

AFAIK it should work; it doesn't depend on anything special on the
server machine. The questions you need to be asking are
(a) does the *client* machine have an ident daemon running;
(b) can you reach that ident daemon's port (here's where the firewall
might come in);
(c) do you trust that ident daemon to tell you the truth (some would
say that a machine outside your firewall is ipso facto not to be
trusted);
(d) have you set up an appropriate ident mapping in the postgres config
files?

See the documentation. I don't think the fact that you are running
the server on top of cygwin affects any of these issues.

If you're not clear on why ident auth is failing, look in the
postmaster's logfile for the logged error message, which should
be more informative than the rejection sent to the client.

regards, tom lane
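
Added example, not part of the thread and not PostgreSQL's own code: a Python sketch of the server-side check behind points (a) to (d) above, parsing an RFC 1413 ident reply and applying an ident map. The map name, user names and port numbers are constructed; point (c) appears as the fact that the check can only believe whatever string the client host sends back.

```python
import re

# RFC 1413 reply: "<port-on-identd-host> , <port-on-querier> : USERID : <opsys> : <user>"
# or, on failure:  "<port-on-identd-host> , <port-on-querier> : ERROR : <error-type>"
_REPLY = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:(.*)$")

def build_query(client_port, server_port):
    """Query the database server sends to TCP port 113 on the client host."""
    return f"{client_port} , {server_port}\r\n"

def parse_ident_reply(line, queried_ports):
    """Return the OS user name the ident daemon reported, or None if unusable."""
    m = _REPLY.match(line.rstrip("\r\n"))
    if not m or (int(m.group(1)), int(m.group(2))) != queried_ports:
        return None                      # malformed, or about another connection
    if m.group(3) == "ERROR":
        return None                      # e.g. NO-USER, HIDDEN-USER
    _opsys, sep, user = m.group(4).partition(":")
    # Assumption: strip padding around the name, as most daemons emit ": name".
    user = user.strip()
    return user if sep and user else None

def ident_allows(reply, queried_ports, db_user, map_name, ident_map):
    """Decide whether the reported OS user may connect as db_user."""
    os_user = parse_ident_reply(reply, queried_ports)
    if os_user is None:
        return False                     # fail closed on any unusable reply
    if map_name == "sameuser":           # built-in map: OS name must equal DB name
        return os_user == db_user
    return (map_name, os_user, db_user) in ident_map

# Constructed sample data: map name, OS user and DB user are hypothetical.
IDENT_MAP = {("odbcusers", "rjs", "webapp")}
PORTS = (34567, 5432)                    # (client's source port, server's port)
GOOD = "34567 , 5432 : USERID : UNIX : rjs\r\n"
NO_DAEMON_USER = "34567 , 5432 : ERROR : NO-USER\r\n"

if __name__ == "__main__":
    print(build_query(*PORTS).strip())
    print(ident_allows(GOOD, PORTS, "webapp", "odbcusers", IDENT_MAP))
    print(ident_allows(NO_DAEMON_USER, PORTS, "webapp", "odbcusers", IDENT_MAP))
```

If no daemon answers on port 113 at all, the server never gets a reply to parse, which is the case (a) and (b) describe.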

#3 Dave Page
dpage@pgadmin.org
In reply to: Robert J. Sanford, Jr. (#1)
Re: ident fails on win2k host...

It's rumoured that Robert J. Sanford, Jr. once said:

> i have set up my win2k box with postgres with 7.1.3 cygwin pre-built. i
> have opened a port in my firewall to allow postgres requests to go
> through. a remote user is attempting to hit the box but is getting an
> ident error. in the admin.pdf doc i find the following about ident
> authentication...
>
> "The ident server on the client host is asked
> for the identity of the connecting user.
> Postgres then verifies whether the so identified
> operating system user is allowed to connect as
> the database user that is requested. This is only
> available for TCP/IP connections. The
> authentication option following the ident keyword
> specifies the name of an ident map that specifies
> which operating system users equate with which
> database users. See below for details."
>
> does ident authentication work under win2k?

I don't believe it does.

> if so, does this mean that i need to add my remote user as a user on my
> win2k machine?
>
> if so, what rights do they need to have? and do i need to configure my
> firewall to allow a different port to be opened up?
>
> if i cannot use ident based authentication under cygwin, how do i allow
> remote users who are using the win32 ODBC driver to connect to the
> database? should i switch to kerberos? if so, which version?
>
> he'p me! he'p me! i been hyp-mo-tized!

The easiest option would be to use password authentication, and add the
user to your PostgreSQL system using CREATE USER xxx WITH PASSWORD 'yyy'.

Regards, Dave.

#4 Dave Page
dpage@pgadmin.org
In reply to: Tom Lane (#2)
Re: [GENERAL] ident fails on win2k host...

It's rumoured that Tom Lane once said:

> "Robert J. Sanford, Jr." <rsanford@nolimitsystems.com> writes:
>
> > does ident authentication work under win2k?
>
> AFAIK it should work; it doesn't depend on anything special on the
> server machine. The questions you need to be asking are
> (a) does the *client* machine have an ident daemon running;
> (b) can you reach that ident daemon's port (here's where the firewall
> might come in);
> (c) do you trust that ident daemon to tell you the truth (some would
> say that a machine outside your firewall is ipso facto not to be
> trusted);
> (d) have you set up an appropriate ident mapping in the postgres config
> files?
>
> See the documentation. I don't think the fact that you are running the
> server on top of cygwin affects any of these issues.
>
> If you're not clear on why ident auth is failing, look in the
> postmaster's logfile for the logged error message, which should
> be more informative than the rejection sent to the client.
>
> regards, tom lane

Win2K doesn't have a native ident service. In my other post on this thread
a couple of minutes ago I quoted that I didn't think this ident would work
on 2K - due to a minor brain failure I actually meant the failure was on
the client side as Tom points out. If your client is Win2K as well, you
might find that an identd will run under Cygwin which should help solve
your problem.

Dave.