
How does Postgres host based authentication work?

I am installing DSPACE which needs PostgreSQL.

Please see this link: DSPACE INSTALL

It says:

Then tighten up security a bit by editing pg_hba.conf and adding this line:

 host dspace dspace 127.0.0.1 255.255.255.255 md5. 

I have read on the internet as to how the above line works. It needs a connection type followed by database name/user name followed by IP address and the authentication scheme.

My question is: Should this not be a local (in place of host) connection since the dspace user is running locally?

Can someone show me step by step as to what happens when a request comes in? Where are the instructions that the dspace user will submit a request using md5?

DSpace uses JDBC, so local won't work for it. Here local means a completely different kind of inter-process connection that has nothing to do with IP and can only address local processes: Unix sockets. JDBC uses only IP, so DSpace needs a host descriptor.

That period at the end of the line is not supposed to be part of it. The documentation was unclear there -- I've fixed it.

As Laurenz Albe noted, DSpace doesn't specify that MD5 password hashes be used. The PostgreSQL server controls which methods will be tried, based on what you specify in pg_hba.conf.

First, there is a . at the end of your pg_hba.conf line. That is a syntax error.

Whether to use local or host depends on

  • what API this DSPACE is using (JDBC, for example, allows no UNIX socket connections)

  • what connection string DSPACE is using

If you can specify a socket directory as host name, you can probably use UNIX sockets, which would be more efficient.

If DSPACE uses a driver that supports md5 authentication, the procedure is like this:

  • client sends server a connect packet with user and database

  • server requests md5 authentication and sends a random "salt" string

  • client computes an MD5 hash of the password with the salt from the server and sends the result to the server

  • server verifies that the hash is correct
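The md5 exchange listed above, worked through as an added example (not part of the original answers and not DSpace or PostgreSQL code). It goes one step beyond the answer: in PostgreSQL's md5 method the client first hashes the password together with the user name, then hashes that result with the server's 4-byte salt. The role name and password are constructed sample values.

```python
import hashlib
import hmac
import os


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def stored_verifier(user: str, password: str) -> str:
    """Value the server keeps for an md5 role: 'md5' + md5(password + username)."""
    return "md5" + md5_hex(password.encode() + user.encode())


def client_response(user: str, password: str, salt: bytes) -> str:
    """Client reply to the md5 request: 'md5' + md5(md5(password + user) + salt)."""
    inner = md5_hex(password.encode() + user.encode())
    return "md5" + md5_hex(inner.encode() + salt)


def server_verify(verifier: str, salt: bytes, response: str) -> bool:
    """Server re-hashes its stored verifier with the salt it issued and compares."""
    expected = "md5" + md5_hex(verifier[3:].encode() + salt)
    return hmac.compare_digest(expected, response)


def handshake(user: str, typed_password: str, verifier: str) -> bool:
    """One full exchange: fresh random salt, client reply, server check."""
    salt = os.urandom(4)  # a new salt per connection attempt
    return server_verify(verifier, salt, client_response(user, typed_password, salt))


if __name__ == "__main__":
    # Constructed sample credentials for the 'dspace' role from the pg_hba.conf line.
    verifier = stored_verifier("dspace", "example-password")
    print("stored on server:", verifier)
    print("correct password accepted:", handshake("dspace", "example-password", verifier))
    print("wrong password accepted:  ", handshake("dspace", "not-the-password", verifier))
```

The server's check uses only the stored verifier, so that stored hash is as sensitive as the password itself; current PostgreSQL documentation recommends scram-sha-256 in place of md5.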
