[SOLVED] ident and postgres
I am trying to use a GUI to do some work on a local postgres database.
I was using pgaccess a year ago, but recently found it couldn't
connect because of an ident failure. I've tried a bunch of other
tools (pgamdin3, knoda, mergeant, and gnome-db) with mostly the same
problem.
I have not messed with the default authorization and access settings
for postgres.
Since I can connect with psql, I developed a theory: the front ends
only connect with tcp, not sockets (I have tried a blank hostname a
few times).
I needed to do all the following to make things work:
* install a package providing identd (I used midentd)
* Enable the service in /etc/inetd.conf
In this case, I used
auth stream tcp nowait identd /usr/sbin/midentd midentd
The line in the file by default uses ident as the first field; I don't
know if that matters. (I suspect it doesn't, because with both
present I got an error about duplicate entries).
The default specifies /usr/sbin/identd, but that wasn't present
(should there be some /etc/alternatives going on so this works?).
The default was wait.
I got the above line by modifying one in the midentd docs. Those gave
the user as nobody, but that did not work to authenticate.
My default tcpwrapper (/etc/hosts.*) and firewalling allow local
connections; they might also need to be tweaked in some cases. I
can't tell for sure if midentd uses tcpwrappers.
Though I seem to have got things working, any of the following forms
of follow up would be helpful:
1) how to get a GUI client to use sockets (or the name of client that
can use them)
2) recommended identd flavors and setup;
or
3) a sensible, safe way to modify my postgres authentication (I've
seen some suggestions about making it wide open, but I'd rather not.
For starters, I don't even want all users on the local system to be
able to mess with all the databases).
My setup is basically a single user system, though I do network with
another system (which mostly runs MS Windows, but does use my system
for internet access with NAT).
Reply to: