Saturday, August 9, 2008

Re: [ADMIN] Problems with connection

H. Hall wrote:
> Курашкин Дмитрий wrote:
>> Hi to all!
>>
>> I have following systems:
>> 1. Local machine with Windows XP SP2 and PostgreSQL 8.2 - test system.
>> 2. Work server in local network (FreeBSD + PostgreSQL 8.2) - work
>> system.
>>
>> I write client with Delphi 7 IDE and use Zeos Lib 6.6.2
>> (http://zeos.firmos.at/) for database access.
>>
>> When I tried to connect to server I recieve error message: "SQL Error:
>> fe_sendauth: authentication type 5 not supported."
>> After searching in internet I found solution: set authentication
>> method "password" instead of "md5".
>> In file pg_hba.conf on local machine I wrote:
>>
>> # TYPE DATABASE USER CIDR-ADDRESS METHOD
>> host all all 127.0.0.1/32 password
>>
>> and on server:
>> # TYPE DATABASE USER CIDR-ADDRESS METHOD
>> host all all 192.168.3.0/24 password
>>
>> My IP-address in local network is 192.168.3.16...
>>
>> After that I can to connect to test PostgreSQL server on localhost,
>> and connection works fine, but attempt to connect to work server
>> finishes by
>> same error message "SQL Error: fe_sendauth: authentication type 5 not
>> supported."
>>
>> I tried to place string in pg_hba.conf on first and last positions,
>> wrote names of databases and users instead of "all" but it doesn't
>> work.
>>
> Understanding the net mask:
> ----------------------------
> The IPv4 address is 32bits, arranged in 4 sets of 8 bits each.
> The decimal range for an IP mask is 0.0.0.0-255.255.255.255.
> The net mask defines how many bits need to match, counting from the left.
>
> For example a netmask /8 means the first 8 bits must exactly match,
> for example 192.168.0.101/8 means all IPs beginning with 192 can
> connect.
> /16 means the: first 16 bits have to match that is the first two
> numbers in the IP must match
> e.g. 192.168.0.101/16 means that all IPs begining with 192.168 can
> connect.
> /32 means: the entire IP must match exactly for example
> 192.168.0.101/32 means that only an IP exactly equal to 192.168.0.101
> may connect.
>
> How can we use it:
>
> # trust anyone attached to same machine as the database (no password
> required)
> host all all 127.0.0.1/32 trust
>
> # allow anyone to attach to any db FROM THIS ONE IP but require a
> password encrypted via md5
> host all all 192.168.0.101/32 md5
>
> Also note that the pg_hba.conf file is read only on server startup or
> when the postmaster receives a SIGHUP signal. If you edit the file,
> you must restart the server or SIGHUP the postmaster for the changes
> to take effect.
>
> You can use
>
> pg_ctl reload -D /usr/local/pgsql/data
> Note: /usr/local/pgsql/data is a Linux path to the database, use
> equivalent for windows. The pg_ctl program is in the postgres bin
> directory.
>
> See this link for more info:
> http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
>
> --Cheers,
> HH
>> As I understand, my main problem is to force PostgreSQL server allow
>> me to connect with password authentication method, isn't it? And how I
>> can do that?
Sorry, got in a hurry and forgot to add some things:
1. Are you using ODBC to connect. If so, it could be that ODBC is having
the problem with MD5. I don't know if ODBC has such problems, just a
thought.
2. If you use password, you may have to change file postgresql.conf to
include this setting:

# (the default is on)
password_encryption = off

If you change this, you may also have to reset the users' passwords so
that they are stored in plain text i.e. non-encrypted.

3. How did you create users and assign passwords. Did you encrypt them?
You may want to review this:
http://www.postgresql.org/docs/8.0/interactive/sql-createuser.html

--Cheers,
HH

>>
>> P. S. Sorry for poor english...
>>
>>
>>
>
>


--
H. Hall
ReedyRiver Group LLC
http://www.reedyriver.com


--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

No comments: