Control: tag -1 moreinfo Dear Ross,
Your bug report below was just reassigned to dbconfig-pgsql which I maintain.
On Thu, 18 Nov 2021 19:11:11 -0800 Ross Boylan <rossboy...@stanfordalumni.org> wrote:
Package: bacula-director-pgsql Version: 9.4.2-2+deb10u1 Severity: normal
* What led up to the situation? My 2nd attempt to install bacula after initial failure of Bug#1000174. Because of that, configuration asks lower-priority questions. I requested password based login and gave a FQDN for the PG server.
So, you ask for password based login.
I get to this screen│ Please provide the password for the postgres account with which this package should perform administrative actions. │ │ │ │ For a standard PostgreSQL installation, a database password is not required, since authentication is done at the system │ │ level. │ │ │ │ Password of your database's administrative user: >* What exactly did you do (or not do) that was effective (or ineffective)? Left the password field blank.
And then you don't provide one.
That's my only choice, since I
never set it during PG setup (that is, when I installed PG, months
ago). I hit OK.
That sound normal because "For a standard PostgreSQL installation, a database password is not required, since authentication is done at the system" which means you shouldn't have picked "password" but rather "indent". I agree that the text in your case may have been a bit confusing, but it didn't meant "empty password", it meant "don't use password" (but that a bit superfluous as the previous screen also said that: 'For a standard PostgreSQL installation running on the same host,
"ident" is recommended.'
* What was the outcome of this action? | Empty passwords unsupported with PostgreSQL | with the only choice being OK, which takes me back to prior screen. * What outcome did you expect instead? That the configuration would accept my omission of the password since the earlier step recommended it! And that the omission would be possible, since I do have the standard setup in which it is not set.
I think your conflating two things here, which we can *maybe* fix with improved texts. You were asked what kind of authentication you wanted to do, "indent" or "password". You choose "password", went on not providing a password, but that's not supported by psql. If you wanted password-less authentication you should instead have chosen "indent".
Comment: The host name I set for the PG database is an alias for the same machine on which I'm installing bacula. It's unclear to me if that will confuse the installer and subsequent operations about whether it's the same. I did accept the default tcp/ip communication with the database.
I'm not totally sure I follow as I'm not totally fluent with psql server setup. I *think* that with tcp/ip, you can't use local machine "ident", so then without password you'd get 'With "ident" authentication to remote hosts, RFC-1413-based ident is used (which can be considered a security risk).' Because of the security risk, I think you *don't* want to use "ident", or really setup psql as a local machine and use local "ident", or use passwords of tcp/ip. But with the first or third option you are not "a standard PostgreSQL installation" so that text doesn't apply and you have to use a password if you choose to use "password" setup.
Paul
OpenPGP_signature
Description: OpenPGP digital signature
