Johann Spies wrote:
After seeing the article in Linuxjournal about sql-ledger I wanted to try it out. The article referred to the installation as a "breeze". That was not my experience. I found the documentation confusing to say the least.
The README.Debian says:
If you don't like the deb, try the source from sql-ledger.org.
"The easiest way to test this package is to add a postgres-users with the name of www-data. This however will mean that every apache process will be able to authenticate to your DB.
To make a more robust security scheme, please read your postgres documentation, but for now, do, as root, a
su - postgres createuser -d www-data
... snip ...
To finally test this, point your browser at http://localhost/sql-ledger/admin.pl to create the DB and the initial user, and afterwards: http://localhost/sql-ledger/login.pl to log in. "
Why would the documentation suggest a scheme that is not secure?
Trying to create more secure schemes I had a lot of problems with the
standard Debian ident-scheme in postgresql. Reading the FAQ of
sql-ledger, I found:
ident is not secure. Just let me near your network with my Laptop :-) I can make _my_ ident say I'm whoever I want you to think I am.
" This error has everything to do with the way distros set up access rights for postgres. They are way too restrictive and leave you wondering what to do next.
Do yourself a favour and change authentication type in pg_hba.conf to
local all trust
Trust is probably okay if you control all the network. I'd change to password authentication.
until you have figured out what all this stuff in pg_hba.conf
does. Read about the different authentication settings and change
them as you see fit."
Now that does not help at all! Other documentation (README.gz)
suggests a "safer" scheme:
"if you use passwords to access postgres use this command $ createuser -d -P sql-ledger "
So I did that as well as 'createdb sql-ledger' and put the following in /etc/pg_hba.conf:
# All IPv4 connections from localhost
host sql-ledger sql-ledger 127.0.0.1 255.255.255.255 md5
host all all 127.0.0.1 255.255.255.255 ident sameuser
After reloading the postgresql-configuration I tried
http://localhost/sql-ledger/admin.pl but when I try to create a dataset as sql-ledger I get the following error:
FATAL: IDENT authentification failed for user "sql-ledger".
Why is postgresql trying to do an IDENT-authentication?
Comment out the line(s) that say it can.
postgresql isn't a simple package. However, the documentation is copious and readily accessible at the postgresql.org website. sql-ledger isn't hard to set up, but I've not done it from a deb or on debian.
Is there an SQL-HOWTO somewhere that can explain in simple terms how to set up sql-ledger in a secure way?
--
Cheers John
-- spambait [EMAIL PROTECTED] [EMAIL PROTECTED] Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
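An added example (not part of the original thread, and not SQL-Ledger or PostgreSQL code) of how a connection can still land on the ident record: the server uses the first pg_hba.conf record that matches database, user and address, so anything the md5 record does not cover falls through to the next line. The connection attempts, including the `template1` one, are constructed for illustration; only literal names and `all` are handled.

```python
import ipaddress

# The records quoted in the post (layout: TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD [OPTION])
PG_HBA = """\
# All IPv4 connections from localhost
host sql-ledger sql-ledger 127.0.0.1 255.255.255.255 md5
host all all 127.0.0.1 255.255.255.255 ident sameuser
"""

# Constructed (database, user, client address) attempts; that a setup script
# connects to a database other than "sql-ledger" is an assumption.
ATTEMPTS = [("sql-ledger", "sql-ledger", "127.0.0.1"),
            ("template1", "sql-ledger", "127.0.0.1")]
WEAK = ("trust", "ident")

def parse_hba(text):
    """Return 'host' records in file order; order matters, first match wins."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment (a commented-out record is ignored)
        if fields[0] != "host" or len(fields) < 6:
            raise ValueError(f"line {lineno}: unsupported record {line!r}")
        net = ipaddress.ip_network(f"{fields[3]}/{fields[4]}", strict=False)
        records.append({"line": lineno, "db": fields[1], "user": fields[2],
                        "net": net, "method": " ".join(fields[5:])})
    return records

def match(records, db, user, addr):
    """Return the first record matching database, user and client address."""
    ip = ipaddress.ip_address(addr)
    for r in records:
        if r["db"] in ("all", db) and r["user"] in ("all", user) and ip in r["net"]:
            return r
    return None  # no matching record: the server rejects the connection

def weak_fallthrough(records, attempts):
    """List attempts that end up on a trust or ident record."""
    hits = []
    for db, user, addr in attempts:
        r = match(records, db, user, addr)
        if r and r["method"].split()[0] in WEAK:
            hits.append((db, user, r["line"], r["method"]))
    return hits

if __name__ == "__main__":
    for hit in weak_fallthrough(parse_hba(PG_HBA), ATTEMPTS):
        print("reaches weak method:", hit)
```

With the `host all all ... ident sameuser` line commented out, the same `template1` attempt matches no record and is rejected instead of being sent to ident.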