[BUGS] BUG #5763: pg_hba.conf not honored

Tue, 23 Nov 2010 03:15:25 -0800 

The following bug has been logged online:

Bug reference:      5763
Logged by:          Kaiting Chen
Email address:      kaitocr...@gmail.com
PostgreSQL version: 9.0.1
Operating system:   Arch Linux (latest)
Description:        pg_hba.conf not honored
Details: 

### /etc/postgresql/pg_hba.conf: Authentication configuration for
'postgresql'

# Type   Database  User     CIDR-ADDRESS        Method
  local  all       psql                         ident
  host   all       +service 192.168.162.130/32  password
  host   all       all      192.168.162.130/32  gss

### /etc/postgresql/pg_hba.conf: Authentication configuration for
'postgresql'

                           List of roles
     Role name     |            Attributes             | Member of
-------------------+-----------------------------------+-----------
 kaiting.chen      | Superuser, Create role, Create DB | {turtle}
 psql              | Superuser, Create role, Create DB | {}
 service           |                                   | {}
 turtle            |                                   | {}

---

kaiting.chen ~: PGHOST='psql.kiwilight.com' psql
Password:
psql: fe_sendauth: no password supplied

>From this pg_hba configuration as the user 'kaiting.chen' is not in role
'service' the second entry in the table should be skipped and he should
authenticate via GSSAPI. However this does not happen.




### /etc/postgresql/pg_hba.conf: Authentication configuration for
'postgresql'

# Type   Database  User     CIDR-ADDRESS        Method
  local  all       psql                         ident
  host   all       +turtle  192.168.162.130/32  gss
  host   all       all      192.168.162.130/32  password

### /etc/postgresql/pg_hba.conf: Authentication configuration for
'postgresql'

                           List of roles
     Role name     |            Attributes             | Member of
-------------------+-----------------------------------+-----------
 kaiting.chen      | Superuser, Create role, Create DB | {}
 psql              | Superuser, Create role, Create DB | {}
 service           |                                   | {}
 turtle            |                                   | {}

---

kaiting.chen ~: PGHOST='psql.kiwilight.com' psql
psql (9.0.1)
Type "help" for help.

kaiting.chen=#

>From this pg_hba configuration as the user 'kaiting.chen' is no longer in
the role 'turtle' the second entry in the table should be skipped and he
should authenticate via password. However he is granted access to the
server.

Either I am missing something very obvious or this is completely broken.
--Kaiting.

-- 
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs

Reply via email to