On Mon, 2004-08-02 at 21:48, Johann Spies wrote: > After seeing the article in Linuxjournal about sql-ledger I wanted to > try it out. The article referred to the installation as a > "breeze". That was not my experience. I found the documentation > confusing to say the least.
I agree with that. (Once I got it working, I found sql-ledger to be cumbersome and not in my opinion suitable for use as an enterprise accounts system. ) ... > Why would the documentation suggest a scheme that is not secure? > Trying to create more secure schemes I had a lot of problems with the > standard Debian ident-scheme in postgresql. Reading the FAQ of > sql-ledger, I found: > > " This error has everything to do with the way distros set up access > rights for postgres. They are way too restrictive and leave you wondering what to do > next. > > Do yourself a favour and change authentication type in pg_hba.conf > to > > local all trust > > until you have figured out what all this stuff in pg_hba.conf > does. Read about the different authentication settings and change > them as you see fit." Yuck! Such an attitude to security makes me wonder a bit about the whole package! Accounting applications MUST be secure! > Now that does not help at all! Other documentation (README.gz) > suggests a "safer" scheme: > > "if you use passwords to access postgres use this command > $ createuser -d -P sql-ledger > " Yes. With web applications, passwords are the only way to go, because otherwise you have no verification of the user's identity. > So I did that as well as 'createdb sql-ledger' and put the following > in /etc/pg_hba.conf: > > # All IPv4 connections from localhost > host sql-ledger sql-ledger 127.0.0.1 255.255.255.255 md5 > host all all 127.0.0.1 255.255.255.255 ident sameuser > > After reloading the postgresql-configuration I tried > > http://localhost/sql-ledger/admin.pl but when I try to create a > dataset as sql-ledger I get the following error: > > FATAL: IDENT authentification failed for user "sql-ledger". > > Why is postgresql trying to do an IDENT-authentication? If any other database than sql-ledger is involved, the first of those two pg_hba.conf lines does not apply and the second is used instead. (If you weren't specifying any host at all, it would be trying a Unix socket connection rather than TCP/IP and neither of those lines would apply.) I think that its first action is to create a database, so it is quite likely connecting to template1 first (since that is the only database it can be sure exists). Try changing the database parameter of the pg_hba.conf line to "all". -- Oliver Elphick [EMAIL PROTECTED] Isle of Wight http://www.lfix.co.uk/oliver GPG: 1024D/A54310EA 92C8 39E7 280E 3631 3F0E 1EC0 5664 7A2F A543 10EA ======================================== "All scripture is given by inspiration of God, and is profitable for doctrine, for reproof, for correction, for instruction in righteousness;" II Timothy 3:16 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]