Hello, folks!
I've found an alternative way to configure postgres than in the doc.
I've installed an identd on my postgrest/bacula-dir server. In
pg_hba.conf I wrote the line:
local bacula bacula ident bacula
This line is right after the administrative entry and before the other
local entries. This line reads like this: User bacula is allowed to
connect to database bacula via unix domain sockets with authentication
method ident and ident mapping called bacula (mapping name is the last
column). The mapping called bacula needs to be written in pg_ident.conf:
bacula root bacula
bacula bacula bacula
First line means this: In mapping called bacula the user root is mapped
to user bacula.
Second line means this: In mapping called bacula the user bacula is
mapped to user bacula.
Both root and bacula needs to be mapped to bacula, because at boot time
the director connects to the database with user root and later at normal
run time it connects as user bacula. BTW: My director is
compile-time-configured to run as posix user bacula. If bacula-dir
wouldn't try to connect as root, this weird config wouldn't be
necessary, instead the postgres standard config would fit, i.e. it would
work with special ident mapping "sameuser".
Why the heck doesn't bacula drop root priviledges before connecting to
the DB?
I think this config is easier than using password files and possibly is
more secure than the "trust" method. What do you think?
/HM
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
