You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@hawq.apache.org by Wenbin Lu <lu...@gmail.com> on 2016/12/27 16:37:06 UTC
HAWQ ident authentication
Dear all,
Does HAWQ support ident authentication?
According to
http://hdb.docs.pivotal.io/210/hawq/clientaccess/client_auth.html, HAWQ
supports all authentication methods in postgrel 9.0, which includes the
ident.
I tried to follow
https://www.postgresql.org/docs/9.0/static/auth-pg-hba-conf.html and
https://www.postgresql.org/docs/9.0/static/auth-pg-hba-conf.html
The two files:
*pg_hba.conf:*
local all gpadmin ident
host all gpadmin 127.0.0.1/28 trust
host all gpadmin ::1/128 trust
host all gpadmin 172.101.105.61/32 trust
host all gpadmin fe80::250:56ff:fea5:d08d/128 trust
host all gpadmin 172.101.105.60/32 trust
#host all user1 172.101.105.61/32 trust
#host all user1 172.101.105.60/32 trust
*local all all 127.0.0.1/28 <http://127.0.0.1/28>
ident map=omicron*
#local all user1 ident
#host all user1 127.0.0.1/28 trust
*pg_ident.conf*
omicron user1 gpadmin
When I use *hawq restart cluster*, the start hangs at start master, not
proceed.
If I uncomment the lines in pg_hba.conf and delete the ident lines, the
restart works find and I can use psql -U user1 to login.
Is there any error with the ways I config for ident authentication?
And another question, what is the best way to add a user to HAWQ?
My way is:
user1 is Linux local account
1) use createuser -s -l user1
2) add user1 into pg_hba.conf, the commented lines above
Is this the correct way?
Thanks!
Regards,
Lu Wenbin
Re: HAWQ ident authentication
Posted by Wenbin Lu <lu...@gmail.com>.
Hi Yuwei,
Thanks, that works.
Regards,
Lu Wenbin
On Wed, Dec 28, 2016 at 11:42 AM, yuwei.sung@gmail.com <yuwei.sung@gmail.com
> wrote:
> Local doesn't need cidr
> Remove 127.0.0.0/28
>
> On Tue, Dec 27, 2016 at 8:19 PM Wenbin Lu <lu...@gmail.com> wrote:
>
>> Hi,
>>
>> I removed the equal sign,
>>
>> Still got the error from log:
>> "
>> 2016-12-28 02:06:36.651424 GMT,,,p328627,th-2018600672 <(201)%20860-0672>
>> ,,,,0,,,seg-10000,,,,,"LOG","F0000","invalid authentication method ""
>> 127.0.0.1/28""",,,,,"line 85 of configuration file
>> ""/data/hawq/master/pg_hba.conf""",,0,,"hba.c",1097,
>> 2016-12-28 02:06:36.651543 GMT,,,p328627,th-2018600672 <(201)%20860-0672>
>> ,,,,0,,,seg-10000,,,,,"FATAL","XX000","could not load
>> pg_hba.conf",,,,,,,0,,"postmaster.c",1446,
>> "
>>
>> line 85 is:
>> *local all all 127.0.0.1/28
>> <http://127.0.0.1/28> ident omicron*
>>
>> After I remove the line, HAWQ is able to start.
>>
>> Please help to identify what is the correct syntax to use ident
>> authentication for HAWQ.
>>
>> Thanks!
>>
>> Regards,
>> Lu Wenbin
>>
>> On Wed, Dec 28, 2016 at 3:52 AM, Marshall Presser <mp...@pivotal.io>
>> wrote:
>>
>> Lu,
>>
>> The syntax for the map keyword seems to be different in the postgesql 8.3
>> documentation than in the 9.0 documentation.
>>
>> https://www.postgresql.org/docs/8.3/static/auth-pg-hba-conf.html
>>
>> # TYPE DATABASE USER CIDR-ADDRESS METHOD
>>
>> host all all 192.168.0.0/16 ident omicron
>>
>> What happens if you remove the equal sign in the file?
>> MEP
>>
>> On Tue, Dec 27, 2016 at 11:37 AM, Wenbin Lu <lu...@gmail.com>
>> wrote:
>>
>> Dear all,
>>
>> Does HAWQ support ident authentication?
>> According to http://hdb.docs.pivotal.io/210/hawq/clientaccess/client_
>> auth.html, HAWQ supports all authentication methods in postgrel 9.0,
>> which includes the ident.
>>
>> I tried to follow https://www.postgresql.org/docs/9.0/static/auth-pg-
>> hba-conf.html and https://www.postgresql.org/docs/9.0/static/auth-pg-
>> hba-conf.html
>>
>> The two files:
>> *pg_hba.conf:*
>> local all gpadmin ident
>> host all gpadmin 127.0.0.1/28 trust
>> host all gpadmin ::1/128 trust
>> host all gpadmin 172.101.105.61/32 trust
>> host all gpadmin fe80::250:56ff:fea5:d08d/128 trust
>> host all gpadmin 172.101.105.60/32 trust
>> #host all user1 172.101.105.61/32 trust
>> #host all user1 172.101.105.60/32 trust
>> *local all all 127.0.0.1/28 <http://127.0.0.1/28>
>> ident map=omicron*
>> #local all user1 ident
>> #host all user1 127.0.0.1/28 trust
>>
>> *pg_ident.conf*
>> omicron user1 gpadmin
>>
>> When I use *hawq restart cluster*, the start hangs at start master, not
>> proceed.
>> If I uncomment the lines in pg_hba.conf and delete the ident lines, the
>> restart works find and I can use psql -U user1 to login.
>>
>> Is there any error with the ways I config for ident authentication?
>>
>> And another question, what is the best way to add a user to HAWQ?
>> My way is:
>> user1 is Linux local account
>> 1) use createuser -s -l user1
>> 2) add user1 into pg_hba.conf, the commented lines above
>>
>> Is this the correct way?
>>
>> Thanks!
>>
>> Regards,
>> Lu Wenbin
>>
>>
>>
>>
>>
>> --
>> Marshall Presser
>> Pivotal Data Engineering
>> mpresser@pivotal <mp...@gopivotal.com>.io
>> 240.401.1750 <(240)%20401-1750>
>>
>>
>>
>>
>>
>>
>>
>>
>>
Re: HAWQ ident authentication
Posted by "yuwei.sung@gmail.com" <yu...@gmail.com>.
Local doesn't need cidr
Remove 127.0.0.0/28
On Tue, Dec 27, 2016 at 8:19 PM Wenbin Lu <lu...@gmail.com> wrote:
> Hi,
>
> I removed the equal sign,
>
> Still got the error from log:
> "
> 2016-12-28 02:06:36.651424
> GMT,,,p328627,th-2018600672,,,,0,,,seg-10000,,,,,"LOG","F0000","invalid
> authentication method ""127.0.0.1/28""",,,,,"line 85 of configuration
> file ""/data/hawq/master/pg_hba.conf""",,0,,"hba.c",1097,
> 2016-12-28 02:06:36.651543
> GMT,,,p328627,th-2018600672,,,,0,,,seg-10000,,,,,"FATAL","XX000","could not
> load pg_hba.conf",,,,,,,0,,"postmaster.c",1446,
> "
>
> line 85 is:
> *local all all 127.0.0.1/28 <http://127.0.0.1/28>
> ident omicron*
>
> After I remove the line, HAWQ is able to start.
>
> Please help to identify what is the correct syntax to use ident
> authentication for HAWQ.
>
> Thanks!
>
> Regards,
> Lu Wenbin
>
> On Wed, Dec 28, 2016 at 3:52 AM, Marshall Presser <mp...@pivotal.io>
> wrote:
>
> Lu,
>
> The syntax for the map keyword seems to be different in the postgesql 8.3
> documentation than in the 9.0 documentation.
>
> https://www.postgresql.org/docs/8.3/static/auth-pg-hba-conf.html
>
> # TYPE DATABASE USER CIDR-ADDRESS METHOD
>
> host all all 192.168.0.0/16 ident omicron
>
> What happens if you remove the equal sign in the file?
> MEP
>
> On Tue, Dec 27, 2016 at 11:37 AM, Wenbin Lu <lu...@gmail.com> wrote:
>
> Dear all,
>
> Does HAWQ support ident authentication?
> According to
> http://hdb.docs.pivotal.io/210/hawq/clientaccess/client_auth.html, HAWQ
> supports all authentication methods in postgrel 9.0, which includes the
> ident.
>
> I tried to follow
> https://www.postgresql.org/docs/9.0/static/auth-pg-hba-conf.html and
> https://www.postgresql.org/docs/9.0/static/auth-pg-hba-conf.html
>
> The two files:
> *pg_hba.conf:*
> local all gpadmin ident
> host all gpadmin 127.0.0.1/28 trust
> host all gpadmin ::1/128 trust
> host all gpadmin 172.101.105.61/32 trust
> host all gpadmin fe80::250:56ff:fea5:d08d/128 trust
> host all gpadmin 172.101.105.60/32 trust
> #host all user1 172.101.105.61/32 trust
> #host all user1 172.101.105.60/32 trust
> *local all all 127.0.0.1/28 <http://127.0.0.1/28>
> ident map=omicron*
> #local all user1 ident
> #host all user1 127.0.0.1/28 trust
>
> *pg_ident.conf*
> omicron user1 gpadmin
>
> When I use *hawq restart cluster*, the start hangs at start master, not
> proceed.
> If I uncomment the lines in pg_hba.conf and delete the ident lines, the
> restart works find and I can use psql -U user1 to login.
>
> Is there any error with the ways I config for ident authentication?
>
> And another question, what is the best way to add a user to HAWQ?
> My way is:
> user1 is Linux local account
> 1) use createuser -s -l user1
> 2) add user1 into pg_hba.conf, the commented lines above
>
> Is this the correct way?
>
> Thanks!
>
> Regards,
> Lu Wenbin
>
>
>
>
>
> --
> Marshall Presser
> Pivotal Data Engineering
> mpresser@pivotal <mp...@gopivotal.com>.io
> 240.401.1750 <(240)%20401-1750>
>
>
>
>
>
>
>
>
>
Re: HAWQ ident authentication
Posted by Wenbin Lu <lu...@gmail.com>.
Hi,
I removed the equal sign,
Still got the error from log:
"
2016-12-28 02:06:36.651424
GMT,,,p328627,th-2018600672,,,,0,,,seg-10000,,,,,"LOG","F0000","invalid
authentication method ""127.0.0.1/28""",,,,,"line 85 of configuration file
""/data/hawq/master/pg_hba.conf""",,0,,"hba.c",1097,
2016-12-28 02:06:36.651543
GMT,,,p328627,th-2018600672,,,,0,,,seg-10000,,,,,"FATAL","XX000","could not
load pg_hba.conf",,,,,,,0,,"postmaster.c",1446,
"
line 85 is:
*local all all 127.0.0.1/28 <http://127.0.0.1/28>
ident omicron*
After I remove the line, HAWQ is able to start.
Please help to identify what is the correct syntax to use ident
authentication for HAWQ.
Thanks!
Regards,
Lu Wenbin
On Wed, Dec 28, 2016 at 3:52 AM, Marshall Presser <mp...@pivotal.io>
wrote:
> Lu,
>
> The syntax for the map keyword seems to be different in the postgesql 8.3
> documentation than in the 9.0 documentation.
>
> https://www.postgresql.org/docs/8.3/static/auth-pg-hba-conf.html
>
> # TYPE DATABASE USER CIDR-ADDRESS METHOD
> host all all 192.168.0.0/16 ident omicron
>
> What happens if you remove the equal sign in the file?
> MEP
>
> On Tue, Dec 27, 2016 at 11:37 AM, Wenbin Lu <lu...@gmail.com> wrote:
>
>> Dear all,
>>
>> Does HAWQ support ident authentication?
>> According to http://hdb.docs.pivotal.io/210/hawq/clientaccess/client_a
>> uth.html, HAWQ supports all authentication methods in postgrel 9.0,
>> which includes the ident.
>>
>> I tried to follow https://www.postgresql.org/docs/9.0/static/auth-pg-hb
>> a-conf.html and https://www.postgresql.org/docs/9.0/static/auth-pg-hba-
>> conf.html
>>
>> The two files:
>> *pg_hba.conf:*
>> local all gpadmin ident
>> host all gpadmin 127.0.0.1/28 trust
>> host all gpadmin ::1/128 trust
>> host all gpadmin 172.101.105.61/32 trust
>> host all gpadmin fe80::250:56ff:fea5:d08d/128 trust
>> host all gpadmin 172.101.105.60/32 trust
>> #host all user1 172.101.105.61/32 trust
>> #host all user1 172.101.105.60/32 trust
>> *local all all 127.0.0.1/28 <http://127.0.0.1/28>
>> ident map=omicron*
>> #local all user1 ident
>> #host all user1 127.0.0.1/28 trust
>>
>> *pg_ident.conf*
>> omicron user1 gpadmin
>>
>> When I use *hawq restart cluster*, the start hangs at start master, not
>> proceed.
>> If I uncomment the lines in pg_hba.conf and delete the ident lines, the
>> restart works find and I can use psql -U user1 to login.
>>
>> Is there any error with the ways I config for ident authentication?
>>
>> And another question, what is the best way to add a user to HAWQ?
>> My way is:
>> user1 is Linux local account
>> 1) use createuser -s -l user1
>> 2) add user1 into pg_hba.conf, the commented lines above
>>
>> Is this the correct way?
>>
>> Thanks!
>>
>> Regards,
>> Lu Wenbin
>>
>
>
>
> --
> Marshall Presser
> Pivotal Data Engineering
> mpresser@pivotal <mp...@gopivotal.com>.io
> 240.401.1750 <(240)%20401-1750>
>
>
Re: HAWQ ident authentication
Posted by Marshall Presser <mp...@pivotal.io>.
Lu,
The syntax for the map keyword seems to be different in the postgesql 8.3
documentation than in the 9.0 documentation.
https://www.postgresql.org/docs/8.3/static/auth-pg-hba-conf.html
# TYPE DATABASE USER CIDR-ADDRESS METHOD
host all all 192.168.0.0/16 ident omicron
What happens if you remove the equal sign in the file?
MEP
On Tue, Dec 27, 2016 at 11:37 AM, Wenbin Lu <lu...@gmail.com> wrote:
> Dear all,
>
> Does HAWQ support ident authentication?
> According to http://hdb.docs.pivotal.io/210/hawq/clientaccess/client_
> auth.html, HAWQ supports all authentication methods in postgrel 9.0,
> which includes the ident.
>
> I tried to follow https://www.postgresql.org/docs/9.0/static/auth-pg-
> hba-conf.html and https://www.postgresql.org/docs/9.0/static/auth-pg-
> hba-conf.html
>
> The two files:
> *pg_hba.conf:*
> local all gpadmin ident
> host all gpadmin 127.0.0.1/28 trust
> host all gpadmin ::1/128 trust
> host all gpadmin 172.101.105.61/32 trust
> host all gpadmin fe80::250:56ff:fea5:d08d/128 trust
> host all gpadmin 172.101.105.60/32 trust
> #host all user1 172.101.105.61/32 trust
> #host all user1 172.101.105.60/32 trust
> *local all all 127.0.0.1/28 <http://127.0.0.1/28>
> ident map=omicron*
> #local all user1 ident
> #host all user1 127.0.0.1/28 trust
>
> *pg_ident.conf*
> omicron user1 gpadmin
>
> When I use *hawq restart cluster*, the start hangs at start master, not
> proceed.
> If I uncomment the lines in pg_hba.conf and delete the ident lines, the
> restart works find and I can use psql -U user1 to login.
>
> Is there any error with the ways I config for ident authentication?
>
> And another question, what is the best way to add a user to HAWQ?
> My way is:
> user1 is Linux local account
> 1) use createuser -s -l user1
> 2) add user1 into pg_hba.conf, the commented lines above
>
> Is this the correct way?
>
> Thanks!
>
> Regards,
> Lu Wenbin
>
--
Marshall Presser
Pivotal Data Engineering
mpresser@pivotal <mp...@gopivotal.com>.io
240.401.1750