
sql-ledger and postgresql: HOWTO?



After seeing the article in Linux Journal about sql-ledger I wanted to
try it out.  The article referred to the installation as a
"breeze". That was not my experience.  I found the documentation
confusing to say the least.


The README.Debian says:

"The easiest way to test this package is to add a postgres-users with
the name of www-data. This however will mean that every apache process
will be able to authenticate to your DB.

To make a more robust security scheme, please read your postgres
documentation, but for now, do, as root, a

 su - postgres
 createuser -d www-data

... snip ...

To finally test this, point your browser at
http://localhost/sql-ledger/admin.pl to create the DB and the initial
user, and afterwards: http://localhost/sql-ledger/login.pl to log in.
"

Why would the documentation suggest a scheme that is not secure?
Trying to create more secure schemes I had a lot of problems with the
standard Debian ident-scheme in postgresql.  Reading the FAQ of
sql-ledger, I found:  

"  This error has everything to do with the way distros set up access
rights for postgres. They are way too restrictive and leave you wondering what to do next.

    Do yourself a favour and change authentication type in pg_hba.conf
    to

    local           all              trust

    until you have figured out what all this stuff in pg_hba.conf
    does. Read about the different authentication settings and change
    them as you see fit." 


Now that does not help at all!  Other documentation (README.gz)
suggests a "safer" scheme:    

"if you use passwords to access postgres use this command
  $ createuser -d -P sql-ledger
"

So I did that as well as 'createdb sql-ledger' and put the following
in /etc/pg_hba.conf:

# All IPv4 connections from localhost
host    sql-ledger  sql-ledger 127.0.0.1  255.255.255.255   md5
host all all 127.0.0.1   255.255.255.255   ident sameuser

After reloading the postgresql-configuration I tried 

http://localhost/sql-ledger/admin.pl  but when I try to create a
dataset as sql-ledger I get the following error:

FATAL: IDENT authentification failed for user "sql-ledger".

Why is postgresql trying to do an IDENT-authentication?

Is there an SQL-HOWTO somewhere that can explain in simple terms how
to set up sql-ledger in a secure way?

Regards
Johann

-- 
J.H. Spies - Tel. 021-982 2694 / 082 782 0336 / 021-808 4036(w)  
             Posbus 4668, Tygervallei 7536
     "How precious also are thy thoughts unto me, O God! how
      great is the sum of them! If I should count them, they
      are more in number than the sand; when I awake, I am 
      still with thee."    Psalms 139: 17,18 


