Skip site navigation (1) Skip section navigation (2)

Re: Connect error

From: Bill Moseley <moseley(at)hank(dot)org>
To: pgsql-novice(at)postgresql(dot)org
Subject: Re: Connect error
Date: 2004-01-12 23:58:49
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-novice
OK, I think I get it now.

For a database "newdb", created by user moseley and to only
allow connections from user moseley and the web server running as www-data
add the following line early:

    local    newdb       all                          ident webaccess

So, all unix-domain connections (local) trying to connect to user "newdb"
will check the "webaccess" map in the pg_ident.conf file.

    webaccess    moseley  moseley
    webaccess    www-data moseley

The first one is basically duplicating the "sameuser" feature.
Connection requests as user moseley must ident as user moseley.

The second one says connections for user moseley can ident as
"www-data".  "www-data" does not need to be a postgres user, of course.

    bumby:~$ whoami

    bumby:~$ psql -Umoseley newdb
    Welcome to psql 7.4.1, the PostgreSQL interactive terminal.

Now, to allow host connections (which is how my web application would
connect), add the "host" line:

    local    newdb       all                          ident webaccess
    host     newdb       all ident webaccess

I'm running Debian sid which didn't have ident running, so I installed
the ident2 package before this would work.

I'm just learning, but...

I doubt I would use this method.  Instead I'd use the md5 method
and load the password into the web server on startup (when running as
root).  That won't work with CGI programs, but will with mod_perl, for
example.  With the above method anyone with access to the web server can
access the newdb database.  Using a username and password also allows
GRANT permissions per user.

Bill Moseley

In response to

pgsql-novice by date

Next:From: Russell ShawDate: 2004-01-13 03:38:04
Subject: Re: Connect error
Previous:From: Bruno Wolff IIIDate: 2004-01-12 20:12:54
Subject: Re: [Ignor Whois] Re: Connect error

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group