Hi,
Just installed sql-ledger 1.8.7 on a fresh RedHat Linux with Apache1.3.
Ran into the common: 'Error! FATAL 1: IDENT authentication failed for user
"SQL-Ledger_Owner"' problem:
1) Suggestion: Instead of just passing the pg error along verbatim, couldn't
sql-ledger help its users by adding a hint like ["Have you checked your
settings in pg_hba.conf (e.g. in /usr/share/postgres/data)?"]?
2) Secondly, what is the best (most secure) setting for this anyway?
It comes pre-configured with
i) local all ident sameuser
that's not good enough for sql-ledger because you probably did not call the
user and database you created "apache" or "nobody"
Thus enabling
ii) local all trust
works, but is probably too open from a security perspective.
2a) Therefore - should I delete the pg users I created so far and only use a
user with the same name as my apache runs under. I.e. delete ii) but be
restricted in the number of independent "companies" (Chinese walls?) I can
run sql-ledger for?
2b) or is there a pg_hba.conf statement better than that? Something like
iii) local all ident apache_company1
local all ident apache_company2
I guess I would first have to identify the permitted users in pg_ident.conf
with something like
apache_company1 apache company1
apache_company2 apache company2
(no capitals recommended - at least with table names including caps, I ran
into problems)
This could maybe be the setting for some end-users of sql-ledger, but what
would be the most restrictive setting for the admin.pl user?
Any thoughts?
Rgds Ralf
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
-------------------------------------------------------
(un)subscribe: http://lists.sourceforge.net/lists/listinfo/sql-ledger-users
Archive: http://www.mail-archive.com/[email protected]/
