info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
pgsql-jdbc and ident
27 views
Skip to first unread message
Matt Rose
Mar 1, 2013, 11:04:59 AM3/1/13
to
I am having the oddest problem with postgresql-9.2-1002.jdbc3.jar doing
ident authentication against postgresql-9.2.3
I have in my pg_ident.conf the following entries
# MAPNAME SYSTEM-USERNAME PG-USERNAME
nusers root postgres
nusers root sqlrelay
nusers nable sqlrelay
and pg_hba.conf has the following entry.
host all all 127.0.0.1/32 ident map=nusers
and when I test the following configuration with psql, everything works
perfectly:
[root@localhost]# psql mickey sqlrelay -h 127.0.0.1
psql (9.2.2)
Type "help" for help.
mickey=>
and I can even see the identd server getting the ident auth request from
postgresql and return the correct string
Mar 1 10:46:58 localhost oidentd[31730]: Connection from localhost
(127.0.0.1):56502
Mar 1 10:46:58 localhost oidentd[31730]: [localhost] Successful lookup:
37704 , 5432 : root (root)
However, when I try and connect with a simple jdbc tester that I made, I
get the following.
[root@localhost]# java -jar /home/admin/pgtest.jar
Running as user 'root'
postgresql JDBC Driver Registered!
SQLException: FATAL: Ident authentication failed for user "sqlrelay"
SQLState: 28000
VendorError: 0
Exception in thread "main" java.lang.NullPointerException
at
net.folkwolf.PostgreSQLJDBCDriverTest.main(PostgreSQLJDBCDriverTest.java:35)
and even in the logs I see that, even tho the JDBC is authenticating as
root, the ident server is returning NO-USER
Mar 1 10:48:14 localhost oidentd[31745]: Connection from localhost
(127.0.0.1):42316
Mar 1 10:48:14 localhost postgres[31744]: [64-1] LOG: 00000: invalidly
formatted response from Ident server: "37705,5432:ERROR:NO-USER#015
Mar 1 10:48:14 localhost postgres[31744]: [64-2] #011"
Mar 1 10:48:14 localhost postgres[31744]: [64-3] LOCATION: ident_inet,
auth.c:1743
Mar 1 10:48:14 localhost postgres[31744]: [65-1] FATAL: 28000: Ident
authentication failed for user "sqlrelay"
Mar 1 10:48:14 localhost postgres[31744]: [65-2] LOCATION:
auth_failed, auth.c:302
I've tried both kinds of connection calls, both the
conn =
DriverManager.getConnection("jdbc:postgresql://127.0.0.1:5432/mickey",
"sqlrelay",null);
and
conn =
DriverManager.getConnection("jdbc:postgresql://127.0.0.1:5432/mickey?user=sqlrelay");
with identical results. Can anyone help me figure out what I'm missing here?
--
Matt Rose, Systems Engineer, N-able Technologies: mr...@n-able.com
--
Sent via pgsql-jdbc mailing list (pgsql...@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-jdbc
ident authentication against postgresql-9.2.3
I have in my pg_ident.conf the following entries
# MAPNAME SYSTEM-USERNAME PG-USERNAME
nusers root postgres
nusers root sqlrelay
nusers nable sqlrelay
and pg_hba.conf has the following entry.
host all all 127.0.0.1/32 ident map=nusers
and when I test the following configuration with psql, everything works
perfectly:
[root@localhost]# psql mickey sqlrelay -h 127.0.0.1
psql (9.2.2)
Type "help" for help.
mickey=>
and I can even see the identd server getting the ident auth request from
postgresql and return the correct string
Mar 1 10:46:58 localhost oidentd[31730]: Connection from localhost
(127.0.0.1):56502
Mar 1 10:46:58 localhost oidentd[31730]: [localhost] Successful lookup:
37704 , 5432 : root (root)
However, when I try and connect with a simple jdbc tester that I made, I
get the following.
[root@localhost]# java -jar /home/admin/pgtest.jar
Running as user 'root'
postgresql JDBC Driver Registered!
SQLException: FATAL: Ident authentication failed for user "sqlrelay"
SQLState: 28000
VendorError: 0
Exception in thread "main" java.lang.NullPointerException
at
net.folkwolf.PostgreSQLJDBCDriverTest.main(PostgreSQLJDBCDriverTest.java:35)
and even in the logs I see that, even tho the JDBC is authenticating as
root, the ident server is returning NO-USER
Mar 1 10:48:14 localhost oidentd[31745]: Connection from localhost
(127.0.0.1):42316
Mar 1 10:48:14 localhost postgres[31744]: [64-1] LOG: 00000: invalidly
formatted response from Ident server: "37705,5432:ERROR:NO-USER#015
Mar 1 10:48:14 localhost postgres[31744]: [64-2] #011"
Mar 1 10:48:14 localhost postgres[31744]: [64-3] LOCATION: ident_inet,
auth.c:1743
Mar 1 10:48:14 localhost postgres[31744]: [65-1] FATAL: 28000: Ident
authentication failed for user "sqlrelay"
Mar 1 10:48:14 localhost postgres[31744]: [65-2] LOCATION:
auth_failed, auth.c:302
I've tried both kinds of connection calls, both the
conn =
DriverManager.getConnection("jdbc:postgresql://127.0.0.1:5432/mickey",
"sqlrelay",null);
and
conn =
DriverManager.getConnection("jdbc:postgresql://127.0.0.1:5432/mickey?user=sqlrelay");
with identical results. Can anyone help me figure out what I'm missing here?
--
Matt Rose, Systems Engineer, N-able Technologies: mr...@n-able.com
--
Sent via pgsql-jdbc mailing list (pgsql...@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-jdbc
dmp
Mar 2, 2013, 2:56:59 PM3/2/13
to
Hello Matt,
Have you looked through the archive for ident authorizations with the pgJDBC?
If that turns up no results please post ident quthorization with the JDBC to
the server PostgreSQL forum. Else see if someone else replays that knows more.
I can duplicate your problem and have tracked the return from the initial
sendStartupPacket() in v3/ConnectionFactoryImpl to 'E' for doAuthentication().
This would imply to me that the server does not recognize the operating
system user as required in the pg_ident.conf for your user, root, to be
sqlrelay. I not sure this is even being communicated to the server from
pgJDBC for authorization with ident, in your test case.
Please also look through the manual to see if other parameters can be sent
to the server to indicate the operating system user in the connection string.
danap.
Have you looked through the archive for ident authorizations with the pgJDBC?
If that turns up no results please post ident quthorization with the JDBC to
the server PostgreSQL forum. Else see if someone else replays that knows more.
I can duplicate your problem and have tracked the return from the initial
sendStartupPacket() in v3/ConnectionFactoryImpl to 'E' for doAuthentication().
This would imply to me that the server does not recognize the operating
system user as required in the pg_ident.conf for your user, root, to be
sqlrelay. I not sure this is even being communicated to the server from
pgJDBC for authorization with ident, in your test case.
Please also look through the manual to see if other parameters can be sent
to the server to indicate the operating system user in the connection string.
danap.
Ian Pilcher
Mar 3, 2013, 10:49:49 PM3/3/13
to
On 03/01/2013 10:04 AM, Matt Rose wrote:
> I am having the oddest problem with postgresql-9.2-1002.jdbc3.jar doing
> ident authentication against postgresql-9.2.3
Your ident server might be having a problem recognizing IPv6
> I am having the oddest problem with postgresql-9.2-1002.jdbc3.jar doing
> ident authentication against postgresql-9.2.3
connections, including "IPv4-mapped IPv6 addresses" (see
http://en.wikipedia.org/wiki/IPv6#IPv4-mapped_IPv6_addresses).
Try running your program with -Djava.net.preferIPv4Stack=true to
determine if your problem is IPv6-related.
--
========================================================================
Ian Pilcher arequ...@gmail.com
Sometimes there's nothing left to do but crash and burn...or die trying.
========================================================================
Matt Rose
Mar 4, 2013, 10:11:11 AM3/4/13
to
On Sun, Mar 03, 2013 at 10:49:49PM -0500, Ian Pilcher wrote:
> On 03/01/2013 10:04 AM, Matt Rose wrote:
> > I am having the oddest problem with postgresql-9.2-1002.jdbc3.jar doing
> > ident authentication against postgresql-9.2.3
>
> Your ident server might be having a problem recognizing IPv6
> connections, including "IPv4-mapped IPv6 addresses" (see
> http://en.wikipedia.org/wiki/IPv6#IPv4-mapped_IPv6_addresses).
>
> Try running your program with -Djava.net.preferIPv4Stack=true to
> determine if your problem is IPv6-related.
Thank you, that was the problem.
> On 03/01/2013 10:04 AM, Matt Rose wrote:
> > I am having the oddest problem with postgresql-9.2-1002.jdbc3.jar doing
> > ident authentication against postgresql-9.2.3
>
> Your ident server might be having a problem recognizing IPv6
> connections, including "IPv4-mapped IPv6 addresses" (see
> http://en.wikipedia.org/wiki/IPv6#IPv4-mapped_IPv6_addresses).
>
> Try running your program with -Djava.net.preferIPv4Stack=true to
> determine if your problem is IPv6-related.
[root@localhost ~]# java -jar /home/admin/pgtest.jar
Running as user 'root'
postgresql JDBC Driver Registered!
SQLException: FATAL: Ident authentication failed for user "sqlrelay"
SQLState: 28000
VendorError: 0
Exception in thread "main" java.lang.NullPointerException
at
net.folkwolf.PostgreSQLJDBCDriverTest.main(PostgreSQLJDBCDriverTest.java:35)
[root@localhost ~]# java -jar -Djava.net.preferIPv4Stack=true
postgresql JDBC Driver Registered!
SQLException: FATAL: Ident authentication failed for user "sqlrelay"
SQLState: 28000
VendorError: 0
Exception in thread "main" java.lang.NullPointerException
at
net.folkwolf.PostgreSQLJDBCDriverTest.main(PostgreSQLJDBCDriverTest.java:35)
/home/admin/pgtest.jar
Running as user 'root'
postgresql JDBC Driver Registered!
For some reason, even if you specify an ipv4 address in the connection
Running as user 'root'
postgresql JDBC Driver Registered!
url, the jdbc driver only connects successfully over ipv6.
I have some ideas as to why this happens, but I can mull them over
later. Thanks again.
NB: Also, when I configure my ident server to listen to ipv6, and add
an ident map to pg_hba.conf to listen to ipv6 localhost, it also works.
Matt
>
> --
> ========================================================================
> Ian Pilcher arequ...@gmail.com
> Sometimes there's nothing left to do but crash and burn...or die trying.
> ========================================================================
>
>
>
> --
> Sent via pgsql-jdbc mailing list (pgsql...@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-jdbc
0 new messages