
Re: postgres phpgroupware login woes



On Thu, 2004-08-26 at 05:30, Lance Hoffmeyer wrote:
> Running SARGE.  I have everything installed
> and appears to be installed correctly.  If
> I login as user postgres I can login to 
> a database phpgroupware.  If I am any other
> user and I run command 
> 
> psql phpgroupware -U postgres -W
> 
> I get error 
> 
> psql: FATAL:  IDENT authentication failed for user "postgres"
> 
> also, I cannot create phpgroupware database from phpgroupware
> admin?
> 
> What have I got set up incorrectly?

I don't know the insides of phpgroupware, but let me explain
PostgreSQL's authentication.

You connect either as a local client using Unix sockets (hostname is
blank) or through TCP/IP with or without SSL (hostname is not blank);
these three modes of access are represented in
/etc/postgresql/pg_hba.conf by lines beginning "local", "host-ssl" or
"host" respectively.

You connect to a specified database as a specified user.  If you are
connecting through TCP/IP you are coming from some particular host.
The first line in pg_hba.conf to match the combination of access mode,
database, user and (for TCP/IP only) source IP address is the line that
governs how your access is authenticated.

The default access mode in Debian PostgreSQL is "ident sameuser"; this
means that the postmaster checks that the database user being requested
is the same as the system login.  This means that you can access
PostgreSQL securely without having to enter a password every time you
connect.

When you access through the web, you cannot use ident authentication
because the system user requesting access is the owner of the webserver
(usually www-data) rather than yourself; so web-based database access
must use passwords - specify authentication mode "md5" in pg_hba.conf. 
Remember you must set passwords for all users with ALTER USER WITH
PASSWORD xxxxxxx before you change the authentication mode.  A user with
no password cannot get in at all.

I presume that phpgroupware is the same kind of animal; it must be
running under some other user name, so it cannot use ident
authentication; you must specify md5 authentication mode in the
pg_hba.conf line that governs the connection.  If you want to avoid
having the same change made for all accesses, arrange to have
phpgroupware connect to hostname localhost (thus using TCP/IP) while
default psql access will be to a blank hostname, thus using a Unix
socket.  The two different access modes can have different
authentication, as explained above.

Oliver Elphick
maintainer
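
Added example, not part of the original message and not PostgreSQL's own code: a small Python model of the first-match lookup described above. It shows why a Unix-socket connection as postgres from another login falls under "ident sameuser", while a TCP/IP connection to localhost can be governed by a separate md5 line. The sample rules, the login name `lance` and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample rules in pg_hba.conf column order (not taken from the post).
SAMPLE_HBA = """
# TYPE  DATABASE      USER  ADDRESS        METHOD
local   all           all                  ident sameuser
host    phpgroupware  all   127.0.0.1/32   md5
host    all           all   0.0.0.0/0      reject
"""

def parse_hba(text):
    """Return the rules in file order; order matters because the first match wins."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":          # Unix socket: no address column
            kind, db, user, *method = fields
            net = None
        else:                             # TCP/IP: address column present
            kind, db, user, addr, *method = fields
            net = ipaddress.ip_network(addr)
        rules.append((kind, db, user, net, " ".join(method)))
    return rules

def governing_rule(rules, database, user, host=None):
    """host=None models a blank hostname (Unix socket); otherwise a client IP."""
    for kind, db, usr, net, method in rules:
        if (kind == "local") != (host is None):
            continue
        if db not in ("all", database) or usr not in ("all", user):
            continue
        if net is not None and ipaddress.ip_address(host) not in net:
            continue
        return kind, method
    return None                           # no matching line: access is refused

def ident_sameuser_ok(system_login, db_user):
    """ident sameuser passes only when the OS login equals the requested DB user."""
    return system_login == db_user

RULES = parse_hba(SAMPLE_HBA)

if __name__ == "__main__":
    # psql phpgroupware -U postgres run from another login: socket -> ident sameuser
    print(governing_rule(RULES, "phpgroupware", "postgres"))
    print(ident_sameuser_ok("lance", "postgres"))
    # Application connecting to hostname localhost over TCP/IP -> md5 password check
    print(governing_rule(RULES, "phpgroupware", "postgres", "127.0.0.1"))
```

Because the lookup stops at the first matching line, a broad rule placed above a narrower one hides it; reviewing pg_hba.conf top to bottom against each intended connection path catches that.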


