우선 정재익님께 감사하다는 말부터 합니다. _(__)_ 꾸벅
제익님 말대로 pg_hba.conf가 문제가 맞더군요.
파일을 살펴보니 주석빼면
local all peer sameuser
host all 127.0.0.1 255.0.0.0 ident sameuser
host all 0.0.0.0 0.0.0.0 reject
이렇게 세줄이였습니다.
문제는 저 "peer sameuser"더군요. 이것을 "password"로 수정하니
정상적으로 접속을 하더군요. ^^
저 peer라는 것 때문에 Peer authentication failed 이라는 에러가 나온것이더군요.
뭐 pg_ident.conf를 수정해서 권한을 줄수 있겠지만 귀찮아서 ^^;;;
아무튼 저런식으로 하니 되더군요.
아참 그리고 패스워드에 대한 암호화부분에 대해서도
postgresql이 지원하는 것 같더군요.
주석중에서
Authentication Types (AUTHTYPE)
-------------------------------
AUTHTYPE is a keyword indicating the method used to authenticate the
user, i.e. to determine that the user is authorized to connect under
the PostgreSQL username supplied in the connection request. A
different AUTHTYPE can be specified for each record in the file.
trust: No authentication is done. Trust that the user has the
authority to use whatever username he specifies.
password: Authentication is done by matching a password supplied
in clear by the host. If AUTH_ARGUMENT is specified then
the password is compared with the user's entry in that
file (in the $PGDATA directory). These per-host password
files can be maintained with the pg_passwd(1) utility.
If no AUTH_ARGUMENT appears then the password is compared
with the user's entry in the pg_shadow table.
crypt: Same as 'password', but authentication is done by
encrypting the password sent over the network.
ident: Authentication is done by the ident server on the remote
host, via the ident (RFC 1413) protocol. An AUTH_ARGUMENT
is required: it is a map name to be found in the
$PGDATA/pg_ident.conf file. The connection is accepted
if pg_ident.conf contains an entry for this map name with
the ident-supplied username and the requested PostgreSQL
username. The special map name "sameuser" indicates an
implied map (not sought in pg_ident.conf) that maps every
ident username to the identical PostgreSQL username.
peer: Authentication is done as for ident, but by obtaining user
identification from the Unix socket credentials. (This
service is only supported by a few operating systems. If
it is not usable in a particular implementation, use of
this method will cause an error.) Username mapping is
exactly the same as for ident.
krb4: Kerberos V4 authentication is used.
krb5: Kerberos V5 authentication is used.
reject: Reject the connection.
Local (UNIX socket) connections support only AUTHTYPEs "trust",
"password", "crypt", and "reject". If the operating system supplies
the necessary support, they also support "peer".
Host and hostssl connections support all AUTHTYPEs except "peer".
과 같은 얘기가 있더군요.
crypt 라는 인증옵션이 존제하는 것을 보면 패스워드 암호화에 대한것도
지원하는 것 같습니다.
더이상은 영어가 짧아서 ^^;;;
이상으로 저의 삽질기였습니다.
마지막으로 재익님께 정말로 감사드립니다.
|