Bug 41915

Summary: no access to pykota postgresql database via localhost
Product: UCS Reporter: Christina Scheinig <scheinig>
Component: Printserver - pykotaAssignee: Janek Walkenhorst <walkenhorst>
Status: CLOSED FIXED QA Contact: Felix Botner <botner>
Severity: normal    
Priority: P5 CC: botner, gohmann, grandjean
Version: UCS 4.1   
Target Milestone: UCS 4.1-3-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: Bug Report What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.137 Enterprise Customer affected?: Yes
School Customer affected?: Yes ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: 2016080421000187 Bug group (optional): Workaround is available
Max CVSS v3 score:

Description Christina Scheinig univentionstaff 2016-08-04 15:52:41 CEST 
Creating the pg_hba.conf should configure "localhost" instead of "127.0.0.1" in /etc/univention/templates/files/etc/postgresql/9.1/main/pg_hba.conf.d/11-pg_hba.conf,
in order to access the database via ipv4 and ipv6.

The problem occurs in Ticket#2016080421000187 where the pykota-database could not be accessed via localhost but via 127.0.0.1

root@ucs:~# psql -h 127.0.0.1 -U pykotaadmin pykota
psql (9.1.16)
SSL-Verbindung (Verschlüsselungsmethode: DHE-RSA-AES256-SHA, Bits: 256)
Geben Sie »help« für Hilfe ein.

pykota=>

root@ucs:/etc/postgresql# psql -U pykotaadmin -h localhost -W  pykota
Passwort für Benutzer pykotaadmin:
psql: FATAL:  Passwort-Authentifizierung f?r Benutzer >>pykotaadmin<< fehlgeschlagen
FATAL:  Passwort-Authentifizierung f?r Benutzer >>pykotaadmin<< fehlgeschlagen

A restart of the nscd solved the problem in the first place
Comment 1 Felix Botner univentionstaff 2016-08-08 09:36:37 CEST 
Workaround:

replace "127.0.0.1" with "localhost" in conffiles/etc/postgresql/9.1/main/pg_hba.conf.d/11-pg_hba.conf
Comment 2 Christina Scheinig univentionstaff 2016-08-10 10:30:39 CEST 
The workaround does not work. The new configuration causes the postgresql service to fail to start

# service postgresql restart
[....] Restarting PostgreSQL 9.1 database server: main[....] The PostgreSQL server failed to start. Please check the log output: 2016-08-10 10:22:38 CEST LOG: ung?ltige Authentifizierungsmethode >>255.255.255.255<< 2016-08-10 10:22:38 CEST ZUSAMMENHANG: Zeile 88 in Konfigurationsdatei >>/etc/postgresql/9.1/main/pg_hba.conf<< 2016-08-10 10:22:38 CEST LOG: ung?ltige Authentifizierungsmethode >>255.255.255.255<< 2016-08-10 10:22:38 CEST ZUSAMMENHANG: Zeile 89 in Konfigurationsda[FAIL>/etc/postgresql/9.1/main/pg_hba.conf<< 2016-08-10 10:22:38 CEST FATAL: konnte pg_hba.conf nicht laden ... failed!
 failed!
Comment 3 Felix Botner univentionstaff 2016-08-10 10:55:42 CEST 
(In reply to Felix Botner from comment #1)
> Workaround:
> 
> replace "127.0.0.1" with "localhost" in
> conffiles/etc/postgresql/9.1/main/pg_hba.conf.d/11-pg_hba.conf

replace "127.0.0.1       255.255.255.255" with "localhost"


it should look like this ->

host    pykota  pykotaadmin     localhost       trust
host    pykota  pykotauser      localhost       trust
Comment 4 Janek Walkenhorst univentionstaff 2016-08-30 17:44:19 CEST 
univention-printquota (8.0.1-2) unstable; urgency=medium

  * PostgreSQL 9.1 supports host names in pg_hba.conf:
     change 127.0.0.1/32 to localhost, and thus add support for IPv6 (Bug #41915)

Tests: OK
Advisory: univention-printquota.yaml
Comment 5 Felix Botner univentionstaff 2016-09-01 15:24:05 CEST 
OK - univention-printquotadb (localhost instead of 127.0.0.1 255.255.255.255
OK - YAML
OK - merged to 4.2
Comment 6 Janek Walkenhorst univentionstaff 2016-09-07 18:41:45 CEST 
<http://errata.software-univention.de/ucs/4.1/248.html>