LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-19-2007, 01:13 AM   #1
venki
Member
 
Registered: Sep 2006
Location: India
Distribution: suse10.2
Posts: 128

Rep: Reputation: 15
password in pg_hba.conf


hi All,


the below is by pg_bha.conf file

# TYPE DATABASE USER CIDR-ADDRESS METHOD

# "local" is for Unix domain socket connections only
local all all trust

# IPv4 local connections:
host nagesh venki 192.168.1.0/24 password


here nagesh is database , venki is username and nagesh is password.

but when i am loging into phpPgadmin,
iam giving venki and wrong password ,still it is entering into database!!
where is the security?

plz help me!

i have to do any more changes??
 
Old 07-19-2007, 02:53 AM   #2
rocket357
Member
 
Registered: Mar 2007
Location: 127.0.0.1
Distribution: OpenBSD-CURRENT
Posts: 485
Blog Entries: 160

Rep: Reputation: 74
Are you connecting to it from the machine that PostgreSQL is running on? If so, then the first line:

Quote:
local all all trust
is the culprit. (If you are NOT connecting locally, then you should be prompted for a password.) If you'd rather all users enter a password (local users, too), then change the line I quoted to:

Quote:
local all all password
That will enforce password policy on your local users as well.

Oh, and if you're running a relatively recent version of PostgreSQL, you have to restart PostgreSQL to make the changes effective.

Last edited by rocket357; 07-19-2007 at 02:54 AM.
 
Old 07-19-2007, 07:23 PM   #3
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
And that all said: don't use password but md5 if there's any
reason to believe that people using the machine may be curious
or have malicious intentions ....

That change would require you to modify the user accounts in
postgres to use 'encrypted password'.
Code:
alter user po_user with encrypted password 'rrrright:)';

Cheers,
Tink
 
Old 07-19-2007, 10:20 PM   #4
rocket357
Member
 
Registered: Mar 2007
Location: 127.0.0.1
Distribution: OpenBSD-CURRENT
Posts: 485
Blog Entries: 160

Rep: Reputation: 74
Excellent advice from Tinkster...pay attention, heh.

This is true...you can tell PostgreSQL to use md5 hashing of passwords (relatively weak, but stronger than plaintext!), or you can tell PostgreSQL to use encrypted passwords. I ran across a howto at IBM (I believe) that described using PAM authentication as well...but I don't have any experience with integrating PAM with PostgreSQL.

Just remember to restart the PostgreSQL server when you make changes that require the pg_hba.conf file to be re-parsed!
 
Old 07-23-2007, 01:09 AM   #5
venki
Member
 
Registered: Sep 2006
Location: India
Distribution: suse10.2
Posts: 128

Original Poster
Rep: Reputation: 15
I am able to connect to the database . but i is taking any passowrd! it is not checking for the password of the nagesh, it is accepting any password if localhost is trust!
i.e ,
local all all tryst
else if local all all password
then
it is not at all accepting any password

plz help
my station no is 39. postgresql also running in this
 
Old 07-23-2007, 03:12 AM   #6
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Well, did you set-up passwords for any users within postgres?


Cheers,
Tink
 
Old 07-26-2007, 06:26 AM   #7
venki
Member
 
Registered: Sep 2006
Location: India
Distribution: suse10.2
Posts: 128

Original Poster
Rep: Reputation: 15
ya i setup passwords for every user!!
still it is accepting any passwrd!!
 
Old 07-26-2007, 12:34 PM   #8
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
And what does your pg_hba.conf look like at them moment?


Cheers,
Tink
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
pg_hba.conf problem Spus Linux - Newbie 9 06-13-2006 01:41 PM
Root Password & Uses of .conf files arut Solaris / OpenSolaris 2 01-04-2005 11:18 AM
SUSE 9.1: named.conf works, but including separate conf files doesn't??? registering Linux - Distributions 0 06-09-2004 04:03 PM
Apache Auth Password in httpd.conf ignored barlowbj Linux - Newbie 3 09-30-2003 07:42 AM
pg_hba.conf hubergeek Linux - General 0 04-22-2002 01:40 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 09:13 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration