Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1soAFi-008m5o-DL
	for pgsql-general@arkaria.postgresql.org; Tue, 10 Sep 2024 23:26:31 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1soAFh-004XlN-V4
	for pgsql-general@arkaria.postgresql.org; Tue, 10 Sep 2024 23:26:29 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <david.g.johnston@gmail.com>)
	id 1soAFh-004XjW-KG
	for pgsql-general@lists.postgresql.org; Tue, 10 Sep 2024 23:26:29 +0000
Received: from mail-oa1-x2b.google.com ([2001:4860:4864:20::2b])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <david.g.johnston@gmail.com>)
	id 1soAFa-000Xro-9p
	for pgsql-general@lists.postgresql.org; Tue, 10 Sep 2024 23:26:29 +0000
Received: by mail-oa1-x2b.google.com with SMTP id 586e51a60fabf-277f19ee2a2so3338876fac.1
        for <pgsql-general@lists.postgresql.org>; Tue, 10 Sep 2024 16:26:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1726010780; x=1726615580; darn=lists.postgresql.org;
        h=cc:to:subject:message-id:date:from:references:in-reply-to
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=/GVdl7sgWYhphIJwvRa1azpk4psp/0EySNlus9I24ZE=;
        b=Km4PRfiqMqJ5xF5HaMsjnl2J1DkBrSHDl2P+oQjOIQLZmZFITXdQk6+IphS69gNde8
         z/qRGsRY5S6Iyybw2ImTKpSfsDvgZUyx8fmEwqwoPFz8/53khNcV8dVqhe6mI26WI7Vd
         f5MFLhX+spHU4f0uE/khhOtb7V4MaNjOsTzoG9qzgHJZ7dcUb27KCAgMrW3p/seBPnW1
         8wum8rIJG8IIt0IN8CXmeNREU55PhDkEL6C/N9nHMLjYHdZQ+yq/8pspE8LYRUe7kbFA
         bgHEAOgDxhSaRwENFpiIdGilTjoqENmlRyIVCF3dZMOiaHeDbW5tyheNxCRjisGHip8F
         RvKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1726010780; x=1726615580;
        h=cc:to:subject:message-id:date:from:references:in-reply-to
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=/GVdl7sgWYhphIJwvRa1azpk4psp/0EySNlus9I24ZE=;
        b=hQL/6+eSB0Im/+FKDKzPV4hMsJPm5VaQc1t5Ptupx8NLU/H7i95uc5+fLGWLATMvtV
         ytlG33Sy9EZhOqZBS4U9L1VwAK0i6/sjyDCPYA6NBC7Tb3ScLpyIL57okrEhTsw7TQb2
         nlrLFWqrbJgS3v2e7NORjGVUNRbsgoPJwmfna65W/jgW/htAzhoKGntpMi/fipfI5FTc
         SRfPS4fQxPukp+Dc8cje30HcjH6VgbUUC1lKKLrBrJCEKb+rgX7byScqSw74IAcdDBBl
         EwRD+FVcZ6hMvUzHudaCdPymGH8K8nkoviegd0iAfAgbEmuOtSa6Ksp5UNozXDMVBfie
         f4Ew==
X-Gm-Message-State: AOJu0Yx5g1f0+5B6HcUBFe4+EPdFEIdP77YsefkcHU6C2AYe53jUkd5V
	K4OXUxvt+iJUZDrHRQHIOnnyFHqebOKhHRX/WASiVNmJLiFv490K7hvx4AB1+Nr7gQ8tkmxFjo6
	aGsRsJ6tlsoVc1Z8mTsDuIOqiqqVNRvcY
X-Google-Smtp-Source: AGHT+IFmjSNBrFHF34NtXSOKEYy+03NvvGAyKeyrZ7NO+VwRmvjPcfcLnRQAt5lrw+L0sELJL/uUVtpfNCx8K0LNzN0=
X-Received: by 2002:a05:6870:c1d0:b0:277:d3c7:f7a1 with SMTP id
 586e51a60fabf-27b9daecf5dmr7335351fac.33.1726010780494; Tue, 10 Sep 2024
 16:26:20 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a05:6802:310:b0:557:c384:fb61 with HTTP; Tue, 10 Sep 2024
 16:26:19 -0700 (PDT)
In-Reply-To: <1738731565.8400.1726010470879.JavaMail.zimbra@tryx.org>
References: <172601029329.1028.17318986799853058856@malur.postgresql.org> <1738731565.8400.1726010470879.JavaMail.zimbra@tryx.org>
From: "David G. Johnston" <david.g.johnston@gmail.com>
Date: Tue, 10 Sep 2024 16:26:19 -0700
Message-ID: <CAKFQuwbpdwCxDgY5cjDh-8uneNA010BLfd8TEGF5BJOksxRtbg@mail.gmail.com>
Subject: Re: Test mail for pgsql-general
To: Chris Miller <cjm@tryx.org>
Cc: pgsql-general <pgsql-general@lists.postgresql.org>
Content-Type: multipart/alternative; boundary="0000000000007333440621cc33c8"
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/CAKFQuwbpdwCxDgY5cjDh-8uneNA010BLfd8TEGF5BJOksxRtbg%40mail.gmail.com>
Precedence: bulk

--0000000000007333440621cc33c8
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Tuesday, September 10, 2024, Chris Miller <cjm@tryx.org> wrote:

> Hi Folks,
>
> I am confused about authentication. I understand that in the local
> connection case, I have choices of =E2=80=9Cpeer=E2=80=9D, and =E2=80=9Cm=
d5=E2=80=9D (password).
>
>
> In pg_hba.conf, I have the lines:
>
>
> local all all peer
>
> local all all md5
>
>
The second line is pointless, the first three columns are compared against
the incoming connection host/user/dbname to find out how authentication
should be handled.  The first match wins.  So for every local connection
peer, and only peer, is going to be used since everything matches all/all.

There is no way to give a user a choice of how to authenticate.  There will
be one accepted option for a given set of connection values.

David J.

--0000000000007333440621cc33c8
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Tuesday, September 10, 2024, Chris Miller &lt;<a href=3D"mailto:cjm@tryx=
.org">cjm@tryx.org</a>&gt; wrote:<br><blockquote class=3D"gmail_quote" styl=
e=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><d=
iv style=3D"font-family:arial,helvetica,sans-serif;font-size:12pt;color:#00=
0000"><div>Hi Folks,<br></div><div><br></div><div><p style=3D"line-height:1=
00%;margin:0px">I am confused about authentication. I understand that in th=
e local connection case, I have choices of =E2=80=9Cpeer=E2=80=9D, and =E2=
=80=9Cmd5=E2=80=9D (password).</p><p style=3D"line-height:100%;margin:0px">=
<br></p><p style=3D"line-height:100%;margin:0px">In pg_hba.conf, I have the=
 lines:</p><p style=3D"line-height:100%;margin:0px"><br></p><p style=3D"lin=
e-height:100%;margin:0px;padding-left:40px"><span style=3D"font-family:Libe=
ration Mono,monospace">local all all peer</span></p><p style=3D"line-height=
:100%;margin:0px;padding-left:40px"><span style=3D"font-family:Liberation M=
ono,monospace">local all all md5</span></p><p style=3D"line-height:100%;mar=
gin:0px;padding-left:40px"></p></div></div></div></blockquote><div><br></di=
v><div>The second line is pointless, the first three columns are compared a=
gainst the incoming connection host/user/dbname to find out how authenticat=
ion should be handled.=C2=A0 The first match wins.=C2=A0 So for every local=
 connection peer, and only peer, is going to be used since everything match=
es all/all.</div><div><br></div><div>There is no way to give a user a choic=
e of how to authenticate.=C2=A0 There will be one accepted option for a giv=
en set of connection values.</div><div><br></div><div>David J.</div><div>=
=C2=A0</div>

--0000000000007333440621cc33c8--