Skip site navigation (1) Skip section navigation (2)

Re: Connect error

From: Russell Shaw <rjshaw(at)iprimus(dot)com(dot)au>
To:
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: Connect error
Date: 2004-01-13 03:38:04
Message-ID: 4003681C.6080203@iprimus.com.au (view raw or flat)
Thread:
Lists: pgsql-novice
Bruno Wolff III wrote:
> On Mon, Jan 12, 2004 at 07:42:41 -0800,
>   Bill Moseley <moseley(at)hank(dot)org> wrote:
> 
>>I don't know php, but is it (or Apache) running as user russell?  If 
>>not, then you can't authorize by IDENT.
> 
> It is possible to authenticate using ident using a map that says the
> webserver account is allowed to use the db account "russell". The web server
> must either be on the same machine uisng domain sockets for connecting
> (which looks to be the case here) or be running an ident server.
> 
> If you do this you are implicitly trusting the web server account, which
> might not be a good idea in some circumstances. You might want to create
> a separate db account for the web server with miminal privileges needed
> for its task.

In pg_ident.conf, i put:

   # MAPNAME   IDENT-USERNAME  PG-USERNAME
   apache      www-data        russell
   apache      russell         russell

This works:
   psql -U russell parts_list

This doesn't:
   psql -U www-data parts_list

It says: psql: FATAL:  IDENT authentication failed for user "www-data"

I've tried adding -h localhost also.

How can i test the identd server for user www-data?
www-data is in /etc/passwd, and i can also su to it.


In response to

Responses

pgsql-novice by date

Next:From: Oliver ElphickDate: 2004-01-13 05:27:13
Subject: Re: Case sensitivity
Previous:From: Bill MoseleyDate: 2004-01-12 23:58:49
Subject: Re: Connect error

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group