Wednesday, September 4, 2013

Postgres - pg_hba.conf configuration

pg_hba.conf control the client authentication for Postgres Database.


So, if you encounter error message such as

FATAL: no pg_hba.conf entry for host "fe80::d12f:1a6e:1234:a9cd%20", user "postgres", database "postgres", SSL off

That simply mean your pg_hba.conf does not allow host name fe80::d12f:1a6e:1234:a9cd and user postgres to connect to database name postgres
To allow that, you need to add an entry to pg_hba.conf

Before doing that fe80::d12f:1a6e:1234:a9cd%20 is a IPv6 address. Furthermore, fe80 is a link local prefix. Link local address is automatically assigned when no static IP address is assigned to the interface. This is equivalent to for IPv4. You may notice that there is a %20 after the IPv6 address. In general, IPv6 zone format is Address%ZoneID. So, the above address zone id is 20 and this is use to identify the network interface for the address when you have multiple network interface in your machine or multiple network connection setting in your machine.

Now, to allow IPv6 client to connect to your Postgres Database, you can add the following lines

# TYPE        DATABASE        USER            ADDRESS                 METHOD
#Allow all database and user from all IPv6 address to connect via md5
host               all                          all                    ::0/0                                  md5

#Allow all database and user from all Link Local address to connect via md5
host               all                          all                    fe80::0/10                          md5

#Allow myuser to connect to mydb database from 2001:0db8:85a3:0000:0000:8a2e:0370:7334 via md5
host               mydb                  myuser        2001:0db8:85a3:0000:0000:8a2e:0370:7334        md5

No comments:

Post a Comment