postgresql Postgres 不允许 localhost 但适用于 127.0.0.1
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/29802440/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Postgres not allowing localhost but works with 127.0.0.1
提问by Satish
Postgres not accepting connection if I say -h localhostbut it works if I say -h 127.0.0.1
如果我说 Postgres 不接受连接,-h localhost但如果我说它可以工作-h 127.0.0.1
[root@5d9ca0effd7f opensips]# psql -U postgres -h localhost -W
Password for user postgres:
psql: FATAL: Ident authentication failed for user "postgres"
[root@5d9ca0effd7f opensips]# psql -U postgres -h 127.0.0.1 -W
Password for user postgres:
psql (8.4.20)
Type "help" for help.
postgres=#
My /var/lib/pgsql/data/pg_hba.conf
我的 /var/lib/pgsql/data/pg_hba.conf
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
local all all ident
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident
If I add following line then Postgres service failedto start:
如果我添加以下行然后 Postgres 服务failed启动:
host all all localhost ident
host all all localhost trust
Wwhat is wrong there?
那里有什么问题?
Update
更新
My /etc/hostsfile:
我的/etc/hosts文件:
[root@5d9ca0effd7f opensips]# cat /etc/hosts
172.17.0.2 5d9ca0effd7f
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
采纳答案by Erwin Brandstetter
In pg_hba.conf, the first matchcounts. Per documentation:
在 pg_hba.conf 中,第一个匹配很重要。根据文档:
The first record with a matching connection type, client address, requested database, and user name is used to perform authentication. There is no "fall-through" or "backup": if one record is chosen and the authentication fails, subsequent records are not considered. If no record matches, access is denied.
具有匹配连接类型、客户端地址、请求的数据库和用户名的第一条记录用于执行身份验证。没有“失败”或“备份”:如果选择了一条记录并且身份验证失败,则不考虑后续记录。如果没有记录匹配,则拒绝访问。
Note the reversed order:
注意相反的顺序:
host all all 127.0.0.1/32 trust
host all all 127.0.0.1/32 ident
But:
但:
host all all localhost ident
host all all localhost trust
Well, if you really "add" the lines like you wrote, there should not be any effect at all. But if you replacethe lines, there is.
好吧,如果您真的像您写的那样“添加”这些行,则根本不应该有任何影响。但是如果你更换线路,那就是。
In the first case, you get trustauthentication method, which is an open door policy. Per documentation:
在第一种情况下,您将获得trust身份验证方法,这是一种门户开放政策。根据文档:
PostgreSQL assumes that anyone who can connect to the server is authorized to access the database with whatever database user name they specify (even superuser names)
PostgreSQL 假设任何可以连接到服务器的人都有权使用他们指定的任何数据库用户名(甚至超级用户名)访问数据库
But in the second case you get the identauthentication method, which has to be set up properly to work.
但在第二种情况下,您将获得ident身份验证方法,必须正确设置才能工作。
If you are actually using the outdated version 8.4, go to the old manual for 8.4. You are aware that 8.4 has reached EOL in 2014and is not supported any more? Consider upgrading to a current version.
如果您实际上使用的是过时的 8.4 版本,请转到 8.4 的旧手册。您是否知道8.4 已于 2014 年停产,不再受支持?考虑升级到当前版本。
More:
更多的:
回答by Cas
The Problem
问题
Postgres will potentially use IPv6when specifying -h localhostwhich given the above pg_hba.confspecifies ident, a password prompt will be returned.
Postgres 可能会使用IPv6,当指定-h localhost给定上述pg_hba.conf指定时ident,将返回密码提示。
However when -h 127.0.0.1is specified, it forces Postgres to use IPv4, which is set to trustin above config and allows access without password.
但是,当-h 127.0.0.1指定时,它会强制 Postgres 使用IPv4,它trust在上面的配置中设置为并允许无密码访问。
The Answer
答案
Thus the answer is to modify the IPv6 host line in pg_hba.confto use trust:
因此,答案是修改 IPv6 主机行pg_hba.conf以使用trust:
# IPv6 local connections:
host all all ::1/128 trust
Remembering to restart the Postgres service after making config changes.
记住在进行配置更改后重新启动 Postgres 服务。
