Postgres not allowing localhost but works with 127.0.0.1

Postgres does not accept the connection if I say -h localhost, but it works if I say -h 127.0.0.1:

[root@5d9ca0effd7f opensips]# psql -U postgres -h localhost -W
Password for user postgres:
psql: FATAL:  Ident authentication failed for user "postgres"
[root@5d9ca0effd7f opensips]# psql -U postgres -h 127.0.0.1 -W
Password for user postgres:
psql (8.4.20)
Type "help" for help.

postgres=#

My /var/lib/pgsql/data/pg_hba.conf:

# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD

# "local" is for Unix domain socket connections only
local   all         all                              trust
local   all         all                              ident
# IPv4 local connections:
host    all         all         127.0.0.1/32          trust
host    all         all         127.0.0.1/32          ident
# IPv6 local connections:
host    all         all         ::1/128               ident

If I add the following lines, the Postgres service fails to start:

host    all         all        localhost             ident
host    all         all        localhost             trust

What is wrong?

Update

My /etc/hosts file:

[root@5d9ca0effd7f opensips]# cat /etc/hosts
172.17.0.2      5d9ca0effd7f
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

In pg_hba.conf, the first match counts. The manual:

The first record with a matching connection type, client address, requested database, and user name is used to perform authentication. There is no "fall-through" or "backup": if one record is chosen and the authentication fails, subsequent records are not considered. If no record matches, access is denied.

Note the reversed order:

host    all         all         127.0.0.1/32          trust
host    all         all         127.0.0.1/32          ident

But:

host    all         all        localhost             ident
host    all         all        localhost             trust

Remember to reload after saving changes to pg_hba.conf. (A restart is not necessary.) The manual:

The pg_hba.conf file is read on start-up and when the main server process receives a SIGHUP signal. If you edit the file on an active system, you will need to signal the postmaster (using pg_ctl reload, calling the SQL function pg_reload_conf(), or using kill -HUP) to make it re-read the file.

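If you really "add" the lines as you wrote, there should not be any effect at all. But if you replace the lines, there is.

In the first case, you get the trust authentication method, which is an open-door policy. The manual: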

PostgreSQL assumes that anyone who can connect to the server is authorized to access the database with whatever database user name they specify (even superuser names)

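But in the second case you get the ident authentication method, which has to be set up properly to work.

Also, localhost covers both IPv4 and IPv6, while 127.0.0.1/32 only applies to IPv4.

If you are actually using the outdated version 8.4, go to the old manual for 8.4. You are aware that 8.4 reached EOL in 2014 and is no longer supported? Consider upgrading to a current version.

In Postgres 9.1 or later, you would rather use peer than ident.

More: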

  • Run batch file with psql command without password

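The Problem

Postgres will potentially use IPv6 when -h localhost is specified, which, given that the above pg_hba.conf specifies ident, returns a password prompt.

However, when -h 127.0.0.1 is specified, it forces Postgres to use IPv4, which is set to trust in the above config and allows access without a password.


The Answer

Thus the answer is to modify the IPv6 host line in pg_hba.conf to use trust: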

# IPv6 local connections:
host    all         all         ::1/128               trust

Remember to restart the Postgres service after making config changes.
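
The first-match rule and the IPv4/IPv6 split described in the answers above can be checked mechanically. The following is an added example, not code from the original posts or from PostgreSQL: the function names parse, first_match and audit are hypothetical, and the parser assumes only the column layout used in the question (database and user are always "all", host addresses are CIDR).

```python
import ipaddress

# Active pg_hba.conf rules copied from the question, comments dropped (order matters).
PG_HBA = """\
local   all         all                              trust
local   all         all                              ident
host    all         all         127.0.0.1/32          trust
host    all         all         127.0.0.1/32          ident
host    all         all         ::1/128               ident
"""

def parse(text):
    """Return a list of (lineno, type, database, user, network, method)."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "local":               # Unix socket rule: no address column
            rules.append((n, f[0], f[1], f[2], None, f[3]))
        else:                             # host rule with a CIDR address
            rules.append((n, f[0], f[1], f[2], ipaddress.ip_network(f[3]), f[4]))
    return rules

def first_match(rules, conn_type, addr=None):
    """Pick the first rule matching connection type and client address."""
    ip = ipaddress.ip_address(addr) if addr else None
    for r in rules:
        if r[1] != conn_type:
            continue
        if r[4] is None or (ip.version == r[4].version and ip in r[4]):
            return r
    return None                           # no record matches: access is denied

def audit(rules):
    """Flag rules shadowed by an identical earlier selector, and trust rules."""
    seen, findings = {}, []
    for n, typ, db, user, net, method in rules:
        key = (typ, db, user, net)
        if key in seen:                   # same selector earlier: never reached
            findings.append((n, f"shadowed by line {seen[key]}"))
        else:
            seen[key] = n
            if method == "trust":
                findings.append((n, "trust: no authentication"))
    return findings
```

Running audit over the question's file reports both trust lines and both unreachable ident lines, which is a quick review step before reloading the configuration.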