You can set authentication to anything but crypt and md5
Dieter Simader http://www.sql-ledger.org (780) 472-8161 DWS Systems Inc. Accounting Software Fax: 478-5281 =========== On a clear disk you can seek forever =========== On Mon, 7 Oct 2002, Ralf Hauser wrote: > Hi, > > Just installed sql-ledger 1.8.7 on a fresh RedHat Linux with Apache1.3. > Ran into the common: 'Error! FATAL 1: IDENT authentication failed for user > "SQL-Ledger_Owner"' problem: > > 1) Suggestion: Instead of just passing the pg error along verbatim, couldn't > sql-ledger help its users by adding a hint like ["Have you checked your > settings in pg_hba.conf (e.g. in /usr/share/postgres/data)?"]? > > 2) Secondly, what is the best (most secure) setting for this anyway? > It comes pre-configured with > i) local all ident sameuser > that's not good enough for sql-ledger because you probably did not call the > user and database you created "apache" or "nobody" > > Thus enabling > ii) local all trust > works, but is probably too open from a security perspective. > > 2a) Therefore - should I delete the pg users I created so far and only use a > user with the same name as my apache runs under. I.e. delete ii) but be > restricted in the number of independent "companies" (Chinese walls?) I can > run sql-ledger for? > 2b) or is there a pg_hba.conf statement better than that? Something like > iii) local all ident apache_company1 > local all ident apache_company2 > I guess I would first have to identify the permitted users in pg_ident.conf > with something like > apache_company1 apache company1 > apache_company2 apache company2 > (no capitals recommended - at least with table names including caps, I ran > into problems) > This could maybe be the setting for some end-users of sql-ledger, but what > would be the most restrictive setting for the admin.pl user? > > Any thoughts? > > Rgds Ralf > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > ------------------------------------------------------- > (un)subscribe: http://lists.sourceforge.net/lists/listinfo/sql-ledger-users > Archive: http://www.mail-archive.com/[email protected]/ > ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------- (un)subscribe: http://lists.sourceforge.net/lists/listinfo/sql-ledger-users Archive: http://www.mail-archive.com/[email protected]/
