On Tue, 2002-10-08 at 12:21, Johnson, Shaunn wrote: > Not sure if this the most likely of maillists to ask, > but is anyone using phpPgAdmin? I have a few questions > regarding authentication of username / passwords.
We are. I love it. > In my pg_hba.conf, I have this: > > [snip conf file] > > # TYPE DATABASE IP_ADDRESS MASK AUTH_TYPE > AUTH_ARGUMENT > local all trust I specifically disallow local, because we're about to switch to kerberos as our auth mechanism. In your case, I think you want md5 here as well. > host all 127.0.0.1 255.255.255.255 md5 > host all 16.x.x.1 255.0.0.0 md5 > host all 192.168.0.0 255.255.255.0 md5 > > [/snip conf file] > > In the config.inc.php, I have this: > > [snip php conf] > > > // The $cfgServers array starts with $cfgServers[1]. Do not use > $cfgServers[0]. > // You can disable a server config entry by setting host to ''. > $cfgServers[1]['local'] = false; > $cfgServers[1]['host'] = 'test.localserver.net'; > $cfgServers[1]['port'] = '5432'; > $cfgServers[1]['adv_auth'] = true; > > $cfgServers[1]['user'] = ''; // if you are not using adv_auth, > // enter the username to > connect all the time > $cfgServers[1]['password'] = ''; // if you are not using adv_auth and > > // a password is > required enter a password > $cfgServers[1]['only_db'] = ''; // if set to a db-name, only this db > is accessible > > > [/snip php conf] > > As I understand it, shouldn't this allow any user with TCP connection > to access the database? I suppose I am trying to understand if > adv_auth even uses pg_shadow at all, or, does 'local' means that > no authentication is needed, anyone can log in. I believe it does. > > The only thing that happens at the index.php page is when I log > in, I get "Wrong username/password. Access denied". Advance auth requires you to have these two entries: $cfgServers[1]['stduser'] = 'auth'; $cfgServers[1]['stdpass'] = 'adv_auth'; Obviously, where stduser and stdpass are specific to your site. What happens is pgadmin needs someway to confirm or deny that a given user can login to the database, and so has to use this "other" user/password to connect. I think thats whats happening, anyway. -- Hunter Matthews Unix / Network Administrator Office: BioScience 145/244 Duke Univ. Biology Department Key: F0F88438 / FFB5 34C0 B350 99A4 BB02 9779 A5DB 8B09 F0F8 8438 Never take candy from strangers. Especially on the internet. ---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster
