Bug 41915 - no access to pykota postgresql database via localhost
no access to pykota postgresql database via localhost
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Printserver - pykota
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.1-3-errata
Assigned To: Janek Walkenhorst
Felix Botner
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-08-04 15:52 CEST by Christina Scheinig
Modified: 2016-10-04 13:52 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.137
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2016080421000187
Bug group (optional): Workaround is available
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christina Scheinig univentionstaff 2016-08-04 15:52:41 CEST
Creating the pg_hba.conf should configure "localhost" instead of "127.0.0.1" in /etc/univention/templates/files/etc/postgresql/9.1/main/pg_hba.conf.d/11-pg_hba.conf,
in order to access the database via ipv4 and ipv6.

The problem occurs in Ticket#2016080421000187 where the pykota-database could not be accessed via localhost but via 127.0.0.1

root@ucs:~# psql -h 127.0.0.1 -U pykotaadmin pykota
psql (9.1.16)
SSL-Verbindung (Verschlüsselungsmethode: DHE-RSA-AES256-SHA, Bits: 256)
Geben Sie »help« für Hilfe ein.

pykota=>

root@ucs:/etc/postgresql# psql -U pykotaadmin -h localhost -W  pykota
Passwort für Benutzer pykotaadmin:
psql: FATAL:  Passwort-Authentifizierung f?r Benutzer >>pykotaadmin<< fehlgeschlagen
FATAL:  Passwort-Authentifizierung f?r Benutzer >>pykotaadmin<< fehlgeschlagen

A restart of the nscd solved the problem in the first place
Comment 1 Felix Botner univentionstaff 2016-08-08 09:36:37 CEST
Workaround:

replace "127.0.0.1" with "localhost" in conffiles/etc/postgresql/9.1/main/pg_hba.conf.d/11-pg_hba.conf
Comment 2 Christina Scheinig univentionstaff 2016-08-10 10:30:39 CEST
The workaround does not work. The new configuration causes the postgresql service to fail to start

# service postgresql restart
[....] Restarting PostgreSQL 9.1 database server: main[....] The PostgreSQL server failed to start. Please check the log output: 2016-08-10 10:22:38 CEST LOG: ung?ltige Authentifizierungsmethode >>255.255.255.255<< 2016-08-10 10:22:38 CEST ZUSAMMENHANG: Zeile 88 in Konfigurationsdatei >>/etc/postgresql/9.1/main/pg_hba.conf<< 2016-08-10 10:22:38 CEST LOG: ung?ltige Authentifizierungsmethode >>255.255.255.255<< 2016-08-10 10:22:38 CEST ZUSAMMENHANG: Zeile 89 in Konfigurationsda[FAIL>/etc/postgresql/9.1/main/pg_hba.conf<< 2016-08-10 10:22:38 CEST FATAL: konnte pg_hba.conf nicht laden ... failed!
 failed!
Comment 3 Felix Botner univentionstaff 2016-08-10 10:55:42 CEST
(In reply to Felix Botner from comment #1)
> Workaround:
> 
> replace "127.0.0.1" with "localhost" in
> conffiles/etc/postgresql/9.1/main/pg_hba.conf.d/11-pg_hba.conf

replace "127.0.0.1       255.255.255.255" with "localhost"


it should look like this ->

host    pykota  pykotaadmin     localhost       trust
host    pykota  pykotauser      localhost       trust
Comment 4 Janek Walkenhorst univentionstaff 2016-08-30 17:44:19 CEST
univention-printquota (8.0.1-2) unstable; urgency=medium

  * PostgreSQL 9.1 supports host names in pg_hba.conf:
     change 127.0.0.1/32 to localhost, and thus add support for IPv6 (Bug #41915)

Tests: OK
Advisory: univention-printquota.yaml
Comment 5 Felix Botner univentionstaff 2016-09-01 15:24:05 CEST
OK - univention-printquotadb (localhost instead of 127.0.0.1 255.255.255.255
OK - YAML
OK - merged to 4.2
Comment 6 Janek Walkenhorst univentionstaff 2016-09-07 18:41:45 CEST
<http://errata.software-univention.de/ucs/4.1/248.html>