reassign 344775 horde3 tags 344775 + moreinfo thanks Hi Roberto
On Sun, Dec 25, 2005 at 09:23:49PM -0500, Roberto C. Sanchez wrote: > Package: imp4 > Version: 4.0.3-1 > Severity: important > > Ola, > > I recently decided that for security reasons I wanted to limit > connections to the PostgreSQL server to Unix domain sockets. I > configured horde in the following way: > > $conf['sql']['persistent'] = false; > $conf['sql']['hostspec'] = 'localhost'; > $conf['sql']['username'] = '*****'; > $conf['sql']['password'] = '*****'; > $conf['sql']['socket'] = '/var/run/postgresql/'; > $conf['sql']['protocol'] = 'unix'; > $conf['sql']['database'] = '*****'; > $conf['sql']['charset'] = 'iso-8859-1'; > $conf['sql']['phptype'] = 'pgsql'; I see. > Of course, the values with stars (*) are replaced by their correct > values in my configuration. I have enabled access to PostgreSQL in > pg_hba.conf via this line: > > local horde2 hordemgr password > > Now, if you look at my logs below, the first attempt succeeds as it is a > socket connection (host=[local]). However, after that, a TCP connection > is attempted (host=127.0.0.1) and subsequently denied. Looking below at > the horde3.log, you can see that imp is the culprit. > > *** /var/log/postgresql/postgres.log *** > 2005-12-25 21:15:15 [19867] LOG: connection received: host=[local] > port= > 2005-12-25 21:15:15 [19867] LOG: connection authorized: user=hordemgr > database=horde2 > 2005-12-25 21:15:16 [19871] LOG: connection received: host=127.0.0.1 > port=370942005-12-25 21:15:16 [19871] LOG: could not connect to Ident > server at address "127.0.0.1", port 113: Connection refused > 2005-12-25 21:15:16 [19871] FATAL: IDENT authentication failed for user > "hordemgr" > > *** /var/log/horde/horde3.log *** > Dec 25 21:15:16 HORDE [emergency] [imp] DB Error: connect failed: 1, > localhost, *****, *****, /var/run/postgresql/, tcp, *****, > iso-8859-1, pgsql, 5432, horde_prefs, custom [on line 385 of > "/usr/share/horde3/lib/Horde/Prefs/sql.php"] > > Something is causing IMP to not abide with the configuration of horde. > Perhaps there is a place where the connection defaults to TCP instead of > actually checking the configuration as specified? I checked with the code in horde /usr/share/horde3/lib/Horde/Prefs/sql.php file and it never use the option socket. Where did you find that you could set that option? > If I add a line permitting the horde database user to connect to the > PostgreSQL server via TCP, then all is well. However, IMP really should > connect via a socket if that is what I have setup in the configuration. Regards, // Ola > -Roberto > > -- System Information: > Debian Release: 3.1 > Architecture: i386 (i686) > Kernel: Linux 2.4.27-santiago-10 > Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) > > Versions of packages imp4 depends on: > ii horde3 3.0.9-2 horde web application framework > ii php4-imap 4:4.3.10-16 IMAP module for php4 > > -- no debconf information > > -- --------------------- Ola Lundqvist --------------------------- / [EMAIL PROTECTED] Annebergsslingan 37 \ | [EMAIL PROTECTED] 654 65 KARLSTAD | | +46 (0)54-10 14 30 +46 (0)70-332 1551 | | http://www.opal.dhs.org UIN/icq: 4912500 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --------------------------------------------------------------- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
