Re: sql-ledger and postgresql: HOWTO?
On Mon, 2004-08-02 at 21:48, Johann Spies wrote:
> After seeing the article in Linuxjournal about sql-ledger I wanted to
> try it out. The article referred to the installation as a
> "breeze". That was not my experience. I found the documentation
> confusing to say the least.
I agree with that. (Once I got it working, I found sql-ledger to be
cumbersome and not in my opinion suitable for use as an enterprise
accounts system. )
> Why would the documentation suggest a scheme that is not secure?
> Trying to create more secure schemes I had a lot of problems with the
> standard Debian ident-scheme in postgresql. Reading the FAQ of
> sql-ledger, I found:
> " This error has everything to do with the way distros set up access
> rights for postgres. They are way too restrictive and leave you wondering what to do next.
> Do yourself a favour and change authentication type in pg_hba.conf
> local all trust
> until you have figured out what all this stuff in pg_hba.conf
> does. Read about the different authentication settings and change
> them as you see fit."
Yuck! Such an attitude to security makes me wonder a bit about the
whole package! Accounting applications MUST be secure!
> Now that does not help at all! Other documentation (README.gz)
> suggests a "safer" scheme:
> "if you use passwords to access postgres use this command
> $ createuser -d -P sql-ledger
Yes. With web applications, passwords are the only way to go, because
otherwise you have no verification of the user's identity.
> So I did that as well as 'createdb sql-ledger' and put the following
> in /etc/pg_hba.conf:
> # All IPv4 connections from localhost
> host sql-ledger sql-ledger 127.0.0.1 255.255.255.255 md5
> host all all 127.0.0.1 255.255.255.255 ident sameuser
> After reloading the postgresql-configuration I tried
> http://localhost/sql-ledger/admin.pl but when I try to create a
> dataset as sql-ledger I get the following error:
> FATAL: IDENT authentification failed for user "sql-ledger".
> Why is postgresql trying to do an IDENT-authentication?
If any other database than sql-ledger is involved, the first of those
two pg_hba.conf lines does not apply and the second is used instead.
(If you weren't specifying any host at all, it would be trying a Unix
socket connection rather than TCP/IP and neither of those lines would
apply.) I think that its first action is to create a database, so it is
quite likely connecting to template1 first (since that is the only
database it can be sure exists). Try changing the database parameter of
the pg_hba.conf line to "all".
Oliver Elphick firstname.lastname@example.org
Isle of Wight http://www.lfix.co.uk/oliver
GPG: 1024D/A54310EA 92C8 39E7 280E 3631 3F0E 1EC0 5664 7A2F A543 10EA
"All scripture is given by inspiration of God, and is
profitable for doctrine, for reproof, for correction,
for instruction in righteousness;"
II Timothy 3:16