Hi Yuwei, Thanks, that works.
Regards, Lu Wenbin On Wed, Dec 28, 2016 at 11:42 AM, [email protected] <[email protected] > wrote: > Local doesn't need cidr > Remove 127.0.0.0/28 > > On Tue, Dec 27, 2016 at 8:19 PM Wenbin Lu <[email protected]> wrote: > >> Hi, >> >> I removed the equal sign, >> >> Still got the error from log: >> " >> 2016-12-28 02:06:36.651424 GMT,,,p328627,th-2018600672 <(201)%20860-0672> >> ,,,,0,,,seg-10000,,,,,"LOG","F0000","invalid authentication method "" >> 127.0.0.1/28""",,,,,"line 85 of configuration file >> ""/data/hawq/master/pg_hba.conf""",,0,,"hba.c",1097, >> 2016-12-28 02:06:36.651543 GMT,,,p328627,th-2018600672 <(201)%20860-0672> >> ,,,,0,,,seg-10000,,,,,"FATAL","XX000","could not load >> pg_hba.conf",,,,,,,0,,"postmaster.c",1446, >> " >> >> line 85 is: >> *local all all 127.0.0.1/28 >> <http://127.0.0.1/28> ident omicron* >> >> After I remove the line, HAWQ is able to start. >> >> Please help to identify what is the correct syntax to use ident >> authentication for HAWQ. >> >> Thanks! >> >> Regards, >> Lu Wenbin >> >> On Wed, Dec 28, 2016 at 3:52 AM, Marshall Presser <[email protected]> >> wrote: >> >> Lu, >> >> The syntax for the map keyword seems to be different in the postgesql 8.3 >> documentation than in the 9.0 documentation. >> >> https://www.postgresql.org/docs/8.3/static/auth-pg-hba-conf.html >> >> # TYPE DATABASE USER CIDR-ADDRESS METHOD >> >> host all all 192.168.0.0/16 ident omicron >> >> What happens if you remove the equal sign in the file? >> MEP >> >> On Tue, Dec 27, 2016 at 11:37 AM, Wenbin Lu <[email protected]> >> wrote: >> >> Dear all, >> >> Does HAWQ support ident authentication? >> According to http://hdb.docs.pivotal.io/210/hawq/clientaccess/client_ >> auth.html, HAWQ supports all authentication methods in postgrel 9.0, >> which includes the ident. >> >> I tried to follow https://www.postgresql.org/docs/9.0/static/auth-pg- >> hba-conf.html and https://www.postgresql.org/docs/9.0/static/auth-pg- >> hba-conf.html >> >> The two files: >> *pg_hba.conf:* >> local all gpadmin ident >> host all gpadmin 127.0.0.1/28 trust >> host all gpadmin ::1/128 trust >> host all gpadmin 172.101.105.61/32 trust >> host all gpadmin fe80::250:56ff:fea5:d08d/128 trust >> host all gpadmin 172.101.105.60/32 trust >> #host all user1 172.101.105.61/32 trust >> #host all user1 172.101.105.60/32 trust >> *local all all 127.0.0.1/28 <http://127.0.0.1/28> >> ident map=omicron* >> #local all user1 ident >> #host all user1 127.0.0.1/28 trust >> >> *pg_ident.conf* >> omicron user1 gpadmin >> >> When I use *hawq restart cluster*, the start hangs at start master, not >> proceed. >> If I uncomment the lines in pg_hba.conf and delete the ident lines, the >> restart works find and I can use psql -U user1 to login. >> >> Is there any error with the ways I config for ident authentication? >> >> And another question, what is the best way to add a user to HAWQ? >> My way is: >> user1 is Linux local account >> 1) use createuser -s -l user1 >> 2) add user1 into pg_hba.conf, the commented lines above >> >> Is this the correct way? >> >> Thanks! >> >> Regards, >> Lu Wenbin >> >> >> >> >> >> -- >> Marshall Presser >> Pivotal Data Engineering >> mpresser@pivotal <[email protected]>.io >> 240.401.1750 <(240)%20401-1750> >> >> >> >> >> >> >> >> >>
