[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gnumed-devel] Re: Gnumed Debian packaging lagging behind...
From: |
Andreas Tille |
Subject: |
[Gnumed-devel] Re: Gnumed Debian packaging lagging behind... |
Date: |
Sun, 7 Nov 2004 12:04:41 +0100 (CET) |
On Sun, 7 Nov 2004, Ian Haywood wrote:
We should take this very serious. Could you please describe in detail what
did not work. Please try to start from an unchanged /etc/postgresql/pg_hba.conf
and report what happens after installing the server package. I observed the
Here is the stock Debian pg_hba.conf
# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
# Database administrative login by UNIX sockets
local all postgres ident
sameuser
#
# All other connections by UNIX sockets
local all all ident
sameuser
#
# All IPv4 connections from localhost
host all all 127.0.0.1 255.255.255.255 ident
sameuser
#
# All IPv6 localhost connections
host all all ::1
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff ident sameuser
host all all ::ffff:127.0.0.1/128 ident
sameuser
#
# reject all other connection attempts
host all all 0.0.0.0 0.0.0.0 reject
The big problem is the only authentication method is "ident sameuser", however
gnumed wants to connect as users that don't exist as system users, such a
"gm-dbowner" and "test-doc". [note these names are configurable, by renaming
them to
real system users it may be possible to get gnumed working with this default
file]
I have found the most restrictive option that still allows gnumed install is
I think you have not. Just try to install the gnumed-snapshot-server package
and answer the debconf question that the package is allowed to change your
postgres configuration. You will find some additional lines in your pg_hba.conf
which should enable to bootstrap gnumed-server. Please report here if something
fails.
The additional lines can be obtained from
http://people.debian.org/~tille/packages/gnumed/debian/pg_config/pg_hba.conf.GnuMed
Stripped all comments you get the remaining
local template1 @gmTemplate1User.list password
local gnumed-test @gmTemplate1User.list trust
local gnumed-test @gmGnumedUser.list password
local all postgres ident sameuser # so postgres can connect
w/o password
local gnumed all md5 # allows any user to connect with
password, but only to gnumed
This is more than necessary. In the @*.list files which are symlinked
to /etc/gnumed you are able to configure additional users who should
be allowed to access the server.
Gnumed *should* work solely through a UNIX socket connection.
It is.
Kind regards
Andreas.
- [Gnumed-devel] Re: Gnumed Debian packaging lagging behind..., (continued)
- [Gnumed-devel] Re: Gnumed Debian packaging lagging behind..., Andreas Tille, 2004/11/05
- [Gnumed-devel] Re: Gnumed Debian packaging lagging behind..., J Busser, 2004/11/05
- [Gnumed-devel] Re: Gnumed Debian packaging lagging behind..., Andreas Tille, 2004/11/05
- [Gnumed-devel] Re: Gnumed Debian packaging lagging behind..., Andreas Tille, 2004/11/08
- Re: [Gnumed-devel] Re: Gnumed Debian packaging lagging behind..., Karsten Hilbert, 2004/11/08
- [Gnumed-devel] Re: Gnumed Debian packaging lagging behind..., Andreas Tille, 2004/11/09
- Re: [Gnumed-devel] Re: Gnumed Debian packaging lagging behind..., Karsten Hilbert, 2004/11/05
Re: [Gnumed-devel] Re: Gnumed Debian packaging lagging behind..., Karsten Hilbert, 2004/11/05
Re: [Gnumed-devel] Re: Gnumed Debian packaging lagging behind..., Ian Haywood, 2004/11/06