hawq-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "yuwei.sung@gmail.com" <yuwei.s...@gmail.com>
Subject Re: HAWQ ident authentication
Date Wed, 28 Dec 2016 03:42:02 GMT
Local doesn't need cidr
Remove 127.0.0.0/28

On Tue, Dec 27, 2016 at 8:19 PM Wenbin Lu <luwenbin888@gmail.com> wrote:

> Hi,
>
> I removed the equal sign,
>
> Still got the error from log:
> "
> 2016-12-28 02:06:36.651424
> GMT,,,p328627,th-2018600672,,,,0,,,seg-10000,,,,,"LOG","F0000","invalid
> authentication method ""127.0.0.1/28""",,,,,"line 85 of configuration
> file ""/data/hawq/master/pg_hba.conf""",,0,,"hba.c",1097,
> 2016-12-28 02:06:36.651543
> GMT,,,p328627,th-2018600672,,,,0,,,seg-10000,,,,,"FATAL","XX000","could not
> load pg_hba.conf",,,,,,,0,,"postmaster.c",1446,
> "
>
> line 85 is:
> *local   all          all             127.0.0.1/28 <http://127.0.0.1/28>
>  ident omicron*
>
> After I remove the line, HAWQ is able to start.
>
> Please help to identify what is the correct syntax to use ident
> authentication for HAWQ.
>
> Thanks!
>
> Regards,
> Lu Wenbin
>
> On Wed, Dec 28, 2016 at 3:52 AM, Marshall Presser <mpresser@pivotal.io>
> wrote:
>
> Lu,
>
> The syntax for the map keyword seems to be different in the postgesql 8.3
> documentation than in the 9.0 documentation.
>
> https://www.postgresql.org/docs/8.3/static/auth-pg-hba-conf.html
>
> # TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
>
> host    all         all         192.168.0.0/16        ident omicron
>
> What happens if you remove the equal sign in the file?
> MEP
>
> On Tue, Dec 27, 2016 at 11:37 AM, Wenbin Lu <luwenbin888@gmail.com> wrote:
>
> Dear all,
>
> Does HAWQ support ident authentication?
> According to
> http://hdb.docs.pivotal.io/210/hawq/clientaccess/client_auth.html, HAWQ
> supports all authentication methods in postgrel 9.0, which includes the
> ident.
>
> I tried to follow
> https://www.postgresql.org/docs/9.0/static/auth-pg-hba-conf.html and
> https://www.postgresql.org/docs/9.0/static/auth-pg-hba-conf.html
>
> The two files:
> *pg_hba.conf:*
> local    all         gpadmin         ident
> host     all         gpadmin         127.0.0.1/28    trust
> host  all     gpadmin    ::1/128       trust
> host  all     gpadmin    172.101.105.61/32       trust
> host  all     gpadmin    fe80::250:56ff:fea5:d08d/128       trust
> host  all     gpadmin    172.101.105.60/32       trust
> #host  all     user1    172.101.105.61/32       trust
> #host  all     user1   172.101.105.60/32       trust
> *local   all          all             127.0.0.1/28 <http://127.0.0.1/28>
>  ident map=omicron*
> #local   all          user1         ident
> #host    all          user1         127.0.0.1/28    trust
>
> *pg_ident.conf*
> omicron         user1                gpadmin
>
> When I use *hawq restart cluster*, the start hangs at start master, not
> proceed.
> If I uncomment the lines in pg_hba.conf and delete the ident lines, the
> restart works find and I can use psql -U user1 to login.
>
> Is there any error with the ways I config for ident authentication?
>
> And another question, what is the best way to add a user to HAWQ?
> My way is:
> user1 is Linux local account
> 1) use createuser -s -l user1
> 2) add user1 into pg_hba.conf, the commented lines above
>
> Is this the correct way?
>
> Thanks!
>
> Regards,
> Lu Wenbin
>
>
>
>
>
> --
> Marshall Presser
> Pivotal Data Engineering
> mpresser@pivotal <mpresser@gopivotal.com>.io
> 240.401.1750 <(240)%20401-1750>
>
>
>
>
>
>
>
>
>

Mime
View raw message