[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Help wanted for packaging postgresql application


> For the next problem I have no real clue for a solution.  The
> bootstrap method does access the database as the newly created user
> this requires a change of the PostgreSQL configuration.  To make the
> problem clear look at the following shell script:
>    #!/bin/sh
>    TUSER=mytestuser
>    PASSW=jippi
>    HASUSER=`echo "SELECT count(*) FROM pg_user WHERE usename = '"${TUSER}"'" | \
>       psql template1 | \
>       grep "^[[:space:]]*[0-9]\+" | \
>       sed "s/^[[:space:]]*\([0-9]\+\)/\1/"`
>    if [ $HASUSER -eq 0 ] ; then
>            psql template1
>    else
>       echo "User $TUSER exists."
>    fi
>    psql --username ${TUSER} --password template1 <<EOF
>    SELECT COUNT(*) FROM pg_tables
>    EOF
> This ends in
>    psql: FATAL:  IDENT authentication failed for user "mytestuser"
This does not fail because "mytestuser" has insufficient
rights inside PostgreSQL but beecause PostgreSQL tries to
verify general access rights to the database by trying to
match up the *database* user to the current *system* user via
identd. Since they don't match the access fails. Adding a line
to pg_hba.conf that allows database users other than the
executing system user to access the needed databases
restricted to, say, the local machine should alleviate this
problem. The auth_type must be set to passwd, crypt, md5 or some
such. Just not to IDENT or TRUST. (Well, TRUST should work but
we don't want that.)

GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346

Reply to: