
Re: sql-ledger and postgresql: HOWTO?



Johann Spies wrote:

After seeing the article in Linuxjournal about sql-ledger I wanted to
try it out.  The article referred to the installation as a
"breeze". That was not my experience.  I found the documentation
confusing to say the least.


The README.Debian says:

If you don't like the deb, try the source from sql-ledger.org.

"The easiest way to test this package is to add a postgres user with
the name www-data. This, however, will mean that every apache process
will be able to authenticate to your DB.

To make a more robust security scheme, please read your postgres
documentation, but for now, do, as root, a

su - postgres
createuser -d www-data

... snip ...

To finally test this, point your browser at
http://localhost/sql-ledger/admin.pl to create the DB and the initial
user, and afterwards: http://localhost/sql-ledger/login.pl to log in.
"

Why would the documentation suggest a scheme that is not secure?
Trying to create more secure schemes I had a lot of problems with the
standard Debian ident-scheme in postgresql.  Reading the FAQ of
sql-ledger, I found:

ident is not secure. Just let me near your network with my laptop :-) I can make _my_ ident say I'm whoever I want you to think I am.



"  This error has everything to do with the way distros set up access
rights for postgres. They are way too restrictive and leave you wondering what to do next.

   Do yourself a favour and change authentication type in pg_hba.conf
   to

   local           all              trust

Trust is probably okay if you control all the network. I'd change to password authentication.

   until you have figured out what all this stuff in pg_hba.conf
   does. Read about the different authentication settings and change
them as you see fit."

Now that does not help at all!  Other documentation (README.gz)
suggests a "safer" scheme:
"if you use passwords to access postgres use this command
 $ createuser -d -P sql-ledger
"

So I did that as well as 'createdb sql-ledger' and put the following
in /etc/pg_hba.conf:

# All IPv4 connections from localhost
host    sql-ledger  sql-ledger 127.0.0.1  255.255.255.255   md5
host all all 127.0.0.1   255.255.255.255   ident sameuser

After reloading the postgresql-configuration I tried
http://localhost/sql-ledger/admin.pl  but when I try to create a
dataset as sql-ledger I get the following error:

FATAL: IDENT authentication failed for user "sql-ledger".

Why is postgresql trying to do an IDENT-authentication?
Comment out the line(s) that say it can.

Is there an SQL-HOWTO somewhere that can explain in simple terms how
to set up sql-ledger in a secure way.

postgresql isn't a simple package. However, the documentation is copious and readily accessible at the postgresql.org website. sql-ledger isn't hard to set up, but I've not done it from a deb or on debian.



--

Cheers
John

-- spambait
1aaaaaaa@computerdatasafe.com.au  Z1aaaaaaa@computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
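Added example (not part of the thread, nor of SQL-Ledger or PostgreSQL): a small first-match simulator for the PostgreSQL 7.x-style pg_hba.conf records quoted above. PostgreSQL uses the first record whose connection type, database, user and client address all match, and does not fall through to a later record if that method then fails. The posted fragment is reproduced as constructed input; the "hardened" fragment and the assumption that admin.pl connects over TCP to 127.0.0.1 and to template1 while creating a dataset are illustrative assumptions, not facts from the thread.

```python
"""Replay pg_hba.conf matching for the records posted in the thread (added example).

Record layout assumed (PostgreSQL 7.x, as used in the thread):
    local  DATABASE  USER  METHOD  [OPTION]
    host   DATABASE  USER  IP-ADDRESS  IP-MASK  METHOD  [OPTION]
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    conn_type: str                               # "local" (Unix socket) or "host" (TCP)
    database: str                                # "all", "sameuser" or a database name
    user: str                                    # "all" or a role name
    network: Optional[ipaddress.IPv4Network]     # None for local records
    method: str                                  # trust, md5, password, ident, reject, ...
    option: str                                  # e.g. the ident map name ("sameuser")
    lineno: int


def parse_hba(text: str) -> List[Rule]:
    """Parse pg_hba.conf text into Rule objects, skipping blanks and comments."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        if f[0] == "local" and len(f) >= 4:
            rules.append(Rule("local", f[1], f[2], None, f[3], " ".join(f[4:]), lineno))
        elif f[0] == "host" and len(f) >= 6:
            net = ipaddress.IPv4Network((f[3], f[4]), strict=False)   # (address, netmask)
            rules.append(Rule("host", f[1], f[2], net, f[5], " ".join(f[6:]), lineno))
        else:
            raise ValueError(f"line {lineno}: unsupported record {raw!r}")
    return rules


def first_match(rules: List[Rule], conn_type: str, database: str, user: str,
                addr: Optional[str] = None) -> Optional[Rule]:
    """Return the first record PostgreSQL would select, or None (connection rejected)."""
    for r in rules:
        if r.conn_type != conn_type:
            continue
        if conn_type == "host" and (addr is None or ipaddress.IPv4Address(addr) not in r.network):
            continue
        db_ok = (r.database == "all" or r.database == database
                 or (r.database == "sameuser" and database == user))
        if not db_ok or r.user not in ("all", user):
            continue
        return r
    return None


def explain(text: str, conn_type: str, database: str, user: str,
            addr: Optional[str] = None) -> str:
    """Describe the authentication method a connection attempt would be offered."""
    r = first_match(parse_hba(text), conn_type, database, user, addr)
    if r is None:
        return "no matching record (connection rejected)"
    return (r.method + " " + r.option).strip()


# Constructed input: the two records from the message above.
POSTED_HBA = """\
# All IPv4 connections from localhost
host    sql-ledger  sql-ledger 127.0.0.1  255.255.255.255   md5
host all all 127.0.0.1   255.255.255.255   ident sameuser
"""

# Assumed hardened variant: password auth for the application role on the two databases it
# needs (template1 is assumed to be where admin.pl connects to create a dataset), an explicit
# reject for everything else over TCP, and no "trust" anywhere.
HARDENED_HBA = """\
local   all         postgres                                  ident sameuser
host    template1   sql-ledger  127.0.0.1  255.255.255.255   md5
host    sql-ledger  sql-ledger  127.0.0.1  255.255.255.255   md5
host    all         all         127.0.0.1  255.255.255.255   reject
"""

if __name__ == "__main__":
    attempts = [
        ("host", "sql-ledger", "sql-ledger", "127.0.0.1"),   # login.pl to the dataset
        ("host", "template1", "sql-ledger", "127.0.0.1"),    # admin.pl creating the dataset
        ("host", "template1", "www-data", "127.0.0.1"),
        ("local", "template1", "sql-ledger", None),
    ]
    for name, text in ("posted", POSTED_HBA), ("hardened", HARDENED_HBA):
        for a in attempts:
            print(f"{name:9} {a[0]:5} db={a[1]:11} user={a[2]:11} -> {explain(text, *a)}")
```

Run against the posted records, a connection to the sql-ledger database gets md5, but the connection to template1 that dataset creation needs does not match the first record and falls through to the `ident sameuser` one, which is the failure reported in the thread; a Unix-socket connection matches nothing in that fragment at all, so whatever `local` records remain in the file decide it.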


