Saturday, August 9, 2008

Re: [ADMIN] Problems with connection

Курашкин Дмитрий wrote:
> Hi to all!
>
> I have following systems:
> 1. Local machine with Windows XP SP2 and PostgreSQL 8.2 - test system.
> 2. Work server in local network (FreeBSD + PostgreSQL 8.2) - work
> system.
>
> I write client with Delphi 7 IDE and use Zeos Lib 6.6.2
> (http://zeos.firmos.at/) for database access.
>
> When I tried to connect to server I recieve error message: "SQL Error:
> fe_sendauth: authentication type 5 not supported."
> After searching in internet I found solution: set authentication
> method "password" instead of "md5".
> In file pg_hba.conf on local machine I wrote:
>
> # TYPE DATABASE USER CIDR-ADDRESS METHOD
> host all all 127.0.0.1/32 password
>
> and on server:
> # TYPE DATABASE USER CIDR-ADDRESS METHOD
> host all all 192.168.3.0/24 password
>
> My IP-address in local network is 192.168.3.16...
>
> After that I can to connect to test PostgreSQL server on localhost,
> and connection works fine, but attempt to connect to work server finishes by
> same error message "SQL Error: fe_sendauth: authentication type 5 not
> supported."
>
> I tried to place string in pg_hba.conf on first and last positions,
> wrote names of databases and users instead of "all" but it doesn't
> work.
>
Understanding the net mask:
----------------------------
The IPv4 address is 32bits, arranged in 4 sets of 8 bits each.
The decimal range for an IP mask is 0.0.0.0-255.255.255.255.
The net mask defines how many bits need to match, counting from the left.

For example a netmask /8 means the first 8 bits must exactly match,
for example 192.168.0.101/8 means all IPs beginning with 192 can connect.
/16 means the: first 16 bits have to match that is the first two numbers
in the IP must match
e.g. 192.168.0.101/16 means that all IPs begining with 192.168 can connect.
/32 means: the entire IP must match exactly for example 192.168.0.101/32
means that only an IP exactly equal to 192.168.0.101 may connect.

How can we use it:

# trust anyone attached to same machine as the database (no password
required)
host all all 127.0.0.1/32 trust

# allow anyone to attach to any db FROM THIS ONE IP but require a
password encrypted via md5
host all all 192.168.0.101/32 md5

Also note that the pg_hba.conf file is read only on server startup or
when the postmaster receives a SIGHUP signal. If you edit the file, you
must restart the server or SIGHUP the postmaster for the changes to take
effect.

You can use

pg_ctl reload -D /usr/local/pgsql/data

Note: /usr/local/pgsql/data is a Linux path to the database, use
equivalent for windows. The pg_ctl program is in the postgres bin directory.

See this link for more info:
http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html

--Cheers,
HH
> As I understand, my main problem is to force PostgreSQL server allow
> me to connect with password authentication method, isn't it? And how I
> can do that?
>
> P. S. Sorry for poor english...
>
>
>


--
H. Hall
ReedyRiver Group LLC
http://www.reedyriver.com


--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

No comments: