[Gnumed-devel] Re: Gnumed Debian packaging lagging behind...

[Andreas Tille]

On Sun, 7 Nov 2004, Ian Haywood wrote:

> > We should take this very serious.  Could you please describe in detail what
> > did not work.  Please try to start from an unchanged /etc/postgresql/pg_hba.conf
> > and report what happens after installing the server package.  I observed the
> Here is the stock Debian pg_hba.conf
>
> # TYPE  DATABASE    USER        IP-ADDRESS        IP-MASK           METHOD
> # Database administrative login by UNIX sockets
> local   all         postgres                                        ident 
> sameuser
> #
> # All other connections by UNIX sockets
> local   all         all                                             ident 
> sameuser
> #
> # All IPv4 connections from localhost
> host    all         all         127.0.0.1         255.255.255.255   ident 
> sameuser
> #
> # All IPv6 localhost connections
> host    all         all         ::1               
> ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff        ident sameuser
> host    all         all         ::ffff:127.0.0.1/128                ident 
> sameuser
> #
> # reject all other connection attempts
> host    all         all         0.0.0.0           0.0.0.0           reject
>
> The big problem is the only authentication method is "ident sameuser", however
> gnumed wants to connect as users that don't exist as system users, such a
> "gm-dbowner" and "test-doc". [note these names are configurable, by renaming 
> them to
> real system users it may be possible to get gnumed working with this default 
> file]
>
> I have found the most restrictive option that still allows gnumed install is
I think you have not.  Just try to install the gnumed-snapshot-server package
and answer the debconf question that the package is allowed to change your
postgres configuration.  You will find some additional lines in your pg_hba.conf
which should enable to bootstrap gnumed-server.  Please report here if something
fails.

The additional lines can be obtained from
     
http://people.debian.org/~tille/packages/gnumed/debian/pg_config/pg_hba.conf.GnuMed

Stripped all comments you get the remaining

local        template1      @gmTemplate1User.list                  password
local        gnumed-test    @gmTemplate1User.list                  trust
local   gnumed-test  @gmGnumedUser.list                     password


> local    all            postgres      ident sameuser # so postgres can connect 
> w/o password
> local    gnumed  all                 md5     # allows any user to connect with 
> password, but only to gnumed
This is more than necessary.  In the @*.list files which are symlinked
to /etc/gnumed you are able to configure additional users who should
be allowed to access the server.

> Gnumed *should* work solely through a UNIX socket connection.
It is.

Kind regards

           Andreas.