On Fri, Jul 22, 2011 at 1:52 PM, John Griessen <[email protected]> wrote:
> On 07/22/2011 02:39 PM, Chris Travers wrote:
>> SSL is currently supported.
>>
>> The second question has to do with supporting appropriate types of
>> PostgreSQL authentication methods. Do you have a need to authenticate
>> against some form of single sign on server? If so, we can support
>> LDAP and PAM as methods of authentication right now
>
> I don't have any LDAP server yet. I use PAM with debian linux and am
> switching to ubuntu and will use PAM.

Ok, a little more info is in order here. LedgerSMB 1.3 uses PostgreSQL's authentication to authenticate users. It passes credentials to the db and the db decides whether to authorize the user or not. PostgreSQL can then be configured to:

1) Accept all authentication requests (really not recommended!)
2) Password authentication against PostgreSQL passwords (recommended for most users)
3) Password authentication against an external source, like PAM or LDAP (optional, might make sense for some users)
4) Ticket authentication against Kerberos (not currently supported but we could add it)
5) Ident authentication (not supported, cannot add it and no benefit to doing so)
etc.....

In general right now if it involves passing a username and password to PostgreSQL, we can support it. If it involves some other credentials we can probably support it with some effort if the browser can send the relevant credentials and the web server can receive them unless there is a reason why this cannot work (like client-side SSL certificates used for authentication-- I don't think that could work).

>
>> The thing you have to think about regarding security for an accounting
>> system is the fact that an internet attack can mess up your data in
>> ways that can be painful, but an insider attack is far more dangerous
>> because it can be used to cover for theft, pointing evidence at other
>> people and the like.
>
> I'm a one person company just now. Soon I'll be using a fab shop separate from
> the house though, so multi location is important for me.
> I'll be setting up some tasks with separation
> of duties accounts and doing them myself and all from one location for a
> while first...:-)

If you are doing it all yourself, the reason for separation of duties is to check against errors? Or interfacing with an automated system? Something else?

>
> I've read the manual as far as understanding there are approvals needing to be
> done by another in one mode. That's probably what you are suggesting -- to set
> up with approvals required from the start.
>
> What user roles make sense to set up?
> You always want chief/CEO/owner as a role, and at least one person who can do
> bookkeeping and needs approvals to post invoices purchase orders, write checks.
> How about web sales or POS bookkeeping? Does that role have different
> permissions than generic bookkeeping?

There are generic AR, AP, and GL bookkeeping roles. An individual could be assigned to all three.

> How about inventory counting, shipping? Is there a special bookkeeping role
> with limited permissions
> you like to create for that set of tasks?

Right now, everything is pretty granular. We are more generally missing ordinary bookkeeping roles and less generally missing "only can do this" type roles. However inventory counting currently is generally done as invoices against dedicated customer/vendor accounts. I am working on an add-on for counting and adjusting inventory, and in this regard you'd have one person entering the inventory and possibly someone else generating the internal invoices accounting for the differences.

Best Wishes,
Chris Travers

>
> John Griessen

_______________________________________________
Ledger-smb-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ledger-smb-users
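
Added example, not part of the original message and not LedgerSMB code: a small Python check that sorts pg_hba.conf rules into the authentication categories listed in the message and flags password rules that are not restricted to SSL connections. The category labels, function names and sample file are constructed for illustration; scram-sha-256 is a PostgreSQL password method newer than this 2011 message.

```python
# Added example: classify pg_hba.conf rules by the categories in the message.
PASSWORD = {"md5", "password", "scram-sha-256"}   # checked against PostgreSQL passwords
EXTERNAL = {"pam", "ldap"}                        # password checked by an external source
OTHER = {"trust": "accept-all", "gss": "kerberos", "krb5": "kerberos",
         "ident": "ident", "peer": "ident", "cert": "client-cert"}
USES_PASSWORD = {"password", "external-password"}  # a username/password reaches PostgreSQL

def category(method):
    if method in PASSWORD:
        return "password"
    if method in EXTERNAL:
        return "external-password"
    return OTHER.get(method, "other")

def audit(text):
    """Return (lineno, conn_type, method, category, notes) for each rule."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] not in ("local", "host", "hostssl", "hostnossl"):
            continue
        conn = fields[0]
        if conn == "local":
            idx, addr = 3, ""                      # local rules have no address column
        else:
            addr = fields[3] if len(fields) > 3 else ""
            # "IP MASK" form uses two columns; method names never contain '.' or ':'
            has_mask = len(fields) > 5 and ("." in fields[4] or ":" in fields[4])
            idx = 5 if has_mask else 4
        if len(fields) <= idx:
            continue
        method, notes = fields[idx], []
        cat = category(method)
        if cat == "accept-all":
            notes.append("no credential check")
        elif cat not in USES_PASSWORD:
            notes.append("not a username/password method")
        loopback = addr.startswith("127.") or addr.startswith("::1")
        if cat in USES_PASSWORD and conn in ("host", "hostnossl") and not loopback:
            notes.append("password may travel without SSL; use hostssl")
        findings.append((lineno, conn, method, cat, notes))
    return findings

SAMPLE = """# constructed sample, not from the message
local   all all                            peer
host    all all 127.0.0.1/32               md5
host    all all 192.0.2.0/24               trust
host    all all 198.51.100.0 255.255.255.0 md5
hostssl all all 203.0.113.0/24             pam pamservice=postgresql
hostssl all all 203.0.113.0/24             cert
"""
if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```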
