hawq-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marshall Presser <mpres...@pivotal.io>
Subject Re: HAWQ ident authentication
Date Tue, 27 Dec 2016 19:52:54 GMT
Lu,

The syntax for the map keyword seems to be different in the postgesql 8.3
documentation than in the 9.0 documentation.

https://www.postgresql.org/docs/8.3/static/auth-pg-hba-conf.html

# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
host    all         all         192.168.0.0/16        ident omicron

What happens if you remove the equal sign in the file?
MEP

On Tue, Dec 27, 2016 at 11:37 AM, Wenbin Lu <luwenbin888@gmail.com> wrote:

> Dear all,
>
> Does HAWQ support ident authentication?
> According to http://hdb.docs.pivotal.io/210/hawq/clientaccess/client_
> auth.html, HAWQ supports all authentication methods in postgrel 9.0,
> which includes the ident.
>
> I tried to follow https://www.postgresql.org/docs/9.0/static/auth-pg-
> hba-conf.html and https://www.postgresql.org/docs/9.0/static/auth-pg-
> hba-conf.html
>
> The two files:
> *pg_hba.conf:*
> local    all         gpadmin         ident
> host     all         gpadmin         127.0.0.1/28    trust
> host  all     gpadmin    ::1/128       trust
> host  all     gpadmin    172.101.105.61/32       trust
> host  all     gpadmin    fe80::250:56ff:fea5:d08d/128       trust
> host  all     gpadmin    172.101.105.60/32       trust
> #host  all     user1    172.101.105.61/32       trust
> #host  all     user1   172.101.105.60/32       trust
> *local   all          all             127.0.0.1/28 <http://127.0.0.1/28>
>  ident map=omicron*
> #local   all          user1         ident
> #host    all          user1         127.0.0.1/28    trust
>
> *pg_ident.conf*
> omicron         user1                gpadmin
>
> When I use *hawq restart cluster*, the start hangs at start master, not
> proceed.
> If I uncomment the lines in pg_hba.conf and delete the ident lines, the
> restart works find and I can use psql -U user1 to login.
>
> Is there any error with the ways I config for ident authentication?
>
> And another question, what is the best way to add a user to HAWQ?
> My way is:
> user1 is Linux local account
> 1) use createuser -s -l user1
> 2) add user1 into pg_hba.conf, the commented lines above
>
> Is this the correct way?
>
> Thanks!
>
> Regards,
> Lu Wenbin
>



-- 
Marshall Presser
Pivotal Data Engineering
mpresser@pivotal <mpresser@gopivotal.com>.io
240.401.1750

Mime
View raw message