So I am trying to connect to postgres in golang using GSSAPI (kerberos). Currently I am using pgx library along with gopgkrb5. I am successfully connecting and authenticating with gssapi, the only problem is - connection is not secure. When I edit pg_hba.conf to accept only secure gssapi connections, It does not work (no entry found for insecure connection). I read that postgres supports GSSAPI encryption, but It seems like pgx(pgconn in particular) does not support it. Am I wrong? Or, if not, does pq support it?
Related
I'm working on a project with the kosmtik tool together with osm2pgsql to be able to generate data for OPENS STREET MAP directly from my postgres database, and I'm having this connection problem when I make requests to the database, they are being accessed by the file localconfig.js and together with project.mml
Has anyone had a similar problem or worked with this tool to be able to use it in OSM ??
From PostgreSQL authentication method 10 not supported, you can understand that your client cannot authenticate using scram-sha-256, and from POSTGRES_HOST_AUTH_METHOD in https://hub.docker.com/_/postgres, you get that scram-sha-256 is the default auth method when using postgres 14 and later.
So, you can either update the postgresql client you use, or downgrade postgres to v13. You could also choose to disable passwords or use md5 auth method on postgres.
It does looks like kosmtik uses mapnik, which has Unable to connect to Postgresql 14 with scram-sha-256 password hashing · Issue #4283 · mapnik/mapnik.
I want to connect my quarkus app to a postgres instance with the reactive pg client.
The authentication is made through a verify-ca ssl mode.
With jdbc, I was able to connect to the db with this URI:
jdbc:postgresql://my.host:5432/myDb?targetServerType=master&ssl=true&sslmode=verify-ca&sslcert=/path/to/cert&sslkey=/path/to/key&sslpassword=&sslrootcert=/path/to/rootcert
With the reactive client, I got this error with the same URI (without the jdbc prefix of course):
java.lang.IllegalArgumentException: Trust options must be specified under verify-full or verify-ca sslmode
at io.vertx.pgclient.impl.PgConnectionFactory.initializeConfiguration(PgConnectionFactory.java:69)
I tried to define the quarkus.datasource.reactive.postgresql.ssl-mode option to verify-ca but it does not work.
Can anyone help me on this ? Maybe I missed the documentation about the connection URI format but I dit not find anything relevant.
Thanks
As per links below, PostgreSql supports several ssl mode connections, but its ADO.net driver, npgsql does not support the modes verify-ca and verify-full, which are supported by the its JDBC driver.
Is there any reason for this?
Is it possible to use these modes somehow else?
PostgreSql docu
https://www.postgresql.org/docs/9.1/libpq-ssl.html
Npgsql driver docu
https://www.npgsql.org/doc/connection-string-parameters.html
JDBC driver docu
https://jdbc.postgresql.org/documentation/head/ssl-client.html
Npgsql will by default verify the server certificate, so SSL Mode=Require would correspond to libpq's verify-ca or verify-full (the documentation is not entirely clear on that).
From the documentation link in your question:
By default, Npgsql will validate your server's certificate; if you're using a self-signed certificate, this will fail. You can instruct Npgsql to ignore this by specifying Trust Server Certificate=true in the connection string. To precisely control how the server's certificate is validated, you can register UserCertificateValidationCallback on NpgsqlConnection (this works just like on .NET's SslStream).
I have a PostGIS database on Heroku and I want to connect my external GeoServer to it. I can't do it because Geoserver does not support SSL and Heroku requires it.
Is there any way of disabling Heroku postgres SSL?
Thanks in advance
The simplified GeoServer UI does not allow to configure SSL connections, but you can setup a JNDI connection pool and provide all JDBC parameters you want that way:
http://docs.geoserver.org/stable/en/user/tutorials/tomcat-jndi/tomcat-jndi.html#configuring-a-postgresql-connection-pool
If you do run into a client that doesn't support SSL at all, you can possibly proxy it using a tool like stunnel.
I am using Robomongo but I am unable to connect to my mongodb since it is ssl enabled. So, I am currently connecting through cmd, but it has its limitations like page buffer and I am missing the UI experience.
RoboMongo version 10 has support for SSL, use this version.
More info - http://blog.robomongo.org/robomongo-rc10/