reassign 344775 horde3
tags 344775 + moreinfo
thanks
Hi Roberto
On Sun, Dec 25, 2005 at 09:23:49PM -0500, Roberto C. Sanchez wrote:
Package: imp4
Version: 4.0.3-1
Severity: important
Ola,
I recently decided that for security reasons I wanted to limit
connections to the PostgreSQL server to Unix domain sockets. I
configured horde in the following way:
$conf['sql']['persistent'] = false;
$conf['sql']['hostspec'] = 'localhost';
$conf['sql']['username'] = '*';
$conf['sql']['password'] = '*';
$conf['sql']['socket'] = '/var/run/postgresql/';
$conf['sql']['protocol'] = 'unix';
$conf['sql']['database'] = '*';
$conf['sql']['charset'] = 'iso-8859-1';
$conf['sql']['phptype'] = 'pgsql';
I see.
Of course, the values with stars (*) are replaced by their correct
values in my configuration. I have enabled access to PostgreSQL in
pg_hba.conf via this line:
local horde2 hordemgrpassword
Now, if you look at my logs below, the first attempt succeeds as it is a
socket connection (host=[local]). However, after that, a TCP connection
is attempted (host=127.0.0.1) and subsequently denied. Looking below at
the horde3.log, you can see that imp is the culprit.
*** /var/log/postgresql/postgres.log ***
2005-12-25 21:15:15 [19867] LOG: connection received: host=[local]
port=
2005-12-25 21:15:15 [19867] LOG: connection authorized: user=hordemgr
database=horde2
2005-12-25 21:15:16 [19871] LOG: connection received: host=127.0.0.1
port=370942005-12-25 21:15:16 [19871] LOG: could not connect to Ident
server at address 127.0.0.1, port 113: Connection refused
2005-12-25 21:15:16 [19871] FATAL: IDENT authentication failed for user
hordemgr
*** /var/log/horde/horde3.log ***
Dec 25 21:15:16 HORDE [emergency] [imp] DB Error: connect failed: 1,
localhost, *, *, /var/run/postgresql/, tcp, *,
iso-8859-1, pgsql, 5432, horde_prefs, custom [on line 385 of
/usr/share/horde3/lib/Horde/Prefs/sql.php]
Something is causing IMP to not abide with the configuration of horde.
Perhaps there is a place where the connection defaults to TCP instead of
actually checking the configuration as specified?
I checked with the code in horde
/usr/share/horde3/lib/Horde/Prefs/sql.php file and it never use the option
socket. Where did you find that you could set that option?
If I add a line permitting the horde database user to connect to the
PostgreSQL server via TCP, then all is well. However, IMP really should
connect via a socket if that is what I have setup in the configuration.
Regards,
// Ola
-Roberto
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.27-santiago-10
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages imp4 depends on:
ii horde3 3.0.9-2 horde web application framework
ii php4-imap4:4.3.10-16 IMAP module for php4
-- no debconf information
--
- Ola Lundqvist ---
/ [EMAIL PROTECTED] Annebergsslingan 37 \
| [EMAIL PROTECTED] 654 65 KARLSTAD |
| +46 (0)54-10 14 30 +46 (0)70-332 1551 |
| http://www.opal.dhs.org UIN/icq: 4912500 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
