| From: | Russell Shaw <rjshaw(at)iprimus(dot)com(dot)au> |
|---|---|
| To: | |
| Cc: | pgsql-novice(at)postgresql(dot)org |
| Subject: | Re: Connect error |
| Date: | 2004-01-13 03:38:04 |
| Message-ID: | 4003681C.6080203@iprimus.com.au |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
Bruno Wolff III wrote:
> On Mon, Jan 12, 2004 at 07:42:41 -0800,
> Bill Moseley <moseley(at)hank(dot)org> wrote:
>
>>I don't know php, but is it (or Apache) running as user russell? If
>>not, then you can't authorize by IDENT.
>
> It is possible to authenticate using ident using a map that says the
> webserver account is allowed to use the db account "russell". The web server
> must either be on the same machine uisng domain sockets for connecting
> (which looks to be the case here) or be running an ident server.
>
> If you do this you are implicitly trusting the web server account, which
> might not be a good idea in some circumstances. You might want to create
> a separate db account for the web server with miminal privileges needed
> for its task.
In pg_ident.conf, i put:
# MAPNAME IDENT-USERNAME PG-USERNAME
apache www-data russell
apache russell russell
This works:
psql -U russell parts_list
This doesn't:
psql -U www-data parts_list
It says: psql: FATAL: IDENT authentication failed for user "www-data"
I've tried adding -h localhost also.
How can i test the identd server for user www-data?
www-data is in /etc/passwd, and i can also su to it.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Oliver Elphick | 2004-01-13 05:27:13 | Re: Case sensitivity |
| Previous Message | Bill Moseley | 2004-01-12 23:58:49 | Re: Connect error |