Local doesn't need cidr Remove 127.0.0.0/28 On Tue, Dec 27, 2016 at 8:19 PM Wenbin Lu <[email protected]> wrote:
> Hi, > > I removed the equal sign, > > Still got the error from log: > " > 2016-12-28 02:06:36.651424 > GMT,,,p328627,th-2018600672,,,,0,,,seg-10000,,,,,"LOG","F0000","invalid > authentication method ""127.0.0.1/28""",,,,,"line 85 of configuration > file ""/data/hawq/master/pg_hba.conf""",,0,,"hba.c",1097, > 2016-12-28 02:06:36.651543 > GMT,,,p328627,th-2018600672,,,,0,,,seg-10000,,,,,"FATAL","XX000","could not > load pg_hba.conf",,,,,,,0,,"postmaster.c",1446, > " > > line 85 is: > *local all all 127.0.0.1/28 <http://127.0.0.1/28> > ident omicron* > > After I remove the line, HAWQ is able to start. > > Please help to identify what is the correct syntax to use ident > authentication for HAWQ. > > Thanks! > > Regards, > Lu Wenbin > > On Wed, Dec 28, 2016 at 3:52 AM, Marshall Presser <[email protected]> > wrote: > > Lu, > > The syntax for the map keyword seems to be different in the postgesql 8.3 > documentation than in the 9.0 documentation. > > https://www.postgresql.org/docs/8.3/static/auth-pg-hba-conf.html > > # TYPE DATABASE USER CIDR-ADDRESS METHOD > > host all all 192.168.0.0/16 ident omicron > > What happens if you remove the equal sign in the file? > MEP > > On Tue, Dec 27, 2016 at 11:37 AM, Wenbin Lu <[email protected]> wrote: > > Dear all, > > Does HAWQ support ident authentication? > According to > http://hdb.docs.pivotal.io/210/hawq/clientaccess/client_auth.html, HAWQ > supports all authentication methods in postgrel 9.0, which includes the > ident. > > I tried to follow > https://www.postgresql.org/docs/9.0/static/auth-pg-hba-conf.html and > https://www.postgresql.org/docs/9.0/static/auth-pg-hba-conf.html > > The two files: > *pg_hba.conf:* > local all gpadmin ident > host all gpadmin 127.0.0.1/28 trust > host all gpadmin ::1/128 trust > host all gpadmin 172.101.105.61/32 trust > host all gpadmin fe80::250:56ff:fea5:d08d/128 trust > host all gpadmin 172.101.105.60/32 trust > #host all user1 172.101.105.61/32 trust > #host all user1 172.101.105.60/32 trust > *local all all 127.0.0.1/28 <http://127.0.0.1/28> > ident map=omicron* > #local all user1 ident > #host all user1 127.0.0.1/28 trust > > *pg_ident.conf* > omicron user1 gpadmin > > When I use *hawq restart cluster*, the start hangs at start master, not > proceed. > If I uncomment the lines in pg_hba.conf and delete the ident lines, the > restart works find and I can use psql -U user1 to login. > > Is there any error with the ways I config for ident authentication? > > And another question, what is the best way to add a user to HAWQ? > My way is: > user1 is Linux local account > 1) use createuser -s -l user1 > 2) add user1 into pg_hba.conf, the commented lines above > > Is this the correct way? > > Thanks! > > Regards, > Lu Wenbin > > > > > > -- > Marshall Presser > Pivotal Data Engineering > mpresser@pivotal <[email protected]>.io > 240.401.1750 <(240)%20401-1750> > > > > > > > > >
