How does postgres host based authentication work?

Question 1

This is a duplicate of: https://stackoverflow.com/questions/55804806/how-does-postgres-host-based-authentication-work

(I was asked to shift this query to DBA.Stackexchange)

I am installing DSPACE which needs Postgresql.

Please see this link: DSPACE INSTALL

It says:

Then tighten up security a bit by editing pg_hba.conf and adding this line:
host dspace dspace 127.0.0.1 255.255.255.255 md5. 

I have read on the internet as to how the above line works. It needs a connection type followed by database name/user name followed by IP address and the authentication scheme.

My query is: Should this not be a local (in place of host) connection since the dspace user is running locally?

Can someone show me step by step as to what happens when a request comes in? Where are the instructions that the dspace user will submit a request using md5?

Question 2

A local connection uses a Unix-domain socket; a host connection uses TCP. The linked page says that

you need to enable TCP/IP connections (DSpace uses JDBC)

... because JDBC does not have built-in support for Unix-domain sockets.

As long as a connection is allowed only from localhost (as configured in pg_hba.conf) and only to localhost (as configued by listen_addresses), it is as secure as a local connection.

The md5 is just an option that specifies how the password is to be encrypted during the connection setup; this is handled automatically by the JDBC driver. For a local connection, or for a connection over SSL, this does not really matter.

Question 3

After some quick Googling, you might be able to use unix sockets with the Postgres JDBC driver version 9.4-1208 or higher. See postgresql.org/message-id/…

Question 4

@Colin'tHart The driver has a socket factory, but no Unix-domain socket implementation, and that would not be possible in Java without JNI.

Question 5

Seems doable: github.com/kohlschutter/junixsocket

CL. CL. 5,3351 gold badge23 silver badges23 bronze badges · Accepted Answer · 2019-04-23 07:21:30Z

A local connection uses a Unix-domain socket; a host connection uses TCP. The linked page says that

you need to enable TCP/IP connections (DSpace uses JDBC)

... because JDBC does not have built-in support for Unix-domain sockets.

As long as a connection is allowed only from localhost (as configured in pg_hba.conf) and only to localhost (as configued by listen_addresses), it is as secure as a local connection.

The md5 is just an option that specifies how the password is to be encrypted during the connection setup; this is handled automatically by the JDBC driver. For a local connection, or for a connection over SSL, this does not really matter.

After some quick Googling, you might be able to use unix sockets with the Postgres JDBC driver version 9.4-1208 or higher. See postgresql.org/message-id/…
@Colin'tHart The driver has a socket factory, but no Unix-domain socket implementation, and that would not be possible in Java without JNI.

Stack Exchange Network

How does postgres host based authentication work?

1 Answer 1

Your Answer

Sign up or log in

Post as a guest

Post as a guest

Hot Network Questions

How does postgres host based authentication work?

1 Answer 1

Your Answer

Sign up or log in

Post as a guest

Post as a guest

Related

Hot Network Questions