[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Gnumed-devel] Re: Gnumed Debian packaging lagging behind...

From: Andreas Tille
Subject: [Gnumed-devel] Re: Gnumed Debian packaging lagging behind...
Date: Sun, 7 Nov 2004 12:04:41 +0100 (CET)

On Sun, 7 Nov 2004, Ian Haywood wrote:

We should take this very serious.  Could you please describe in detail what
did not work.  Please try to start from an unchanged /etc/postgresql/pg_hba.conf
and report what happens after installing the server package.  I observed the
Here is the stock Debian pg_hba.conf

# TYPE  DATABASE    USER        IP-ADDRESS        IP-MASK           METHOD
# Database administrative login by UNIX sockets
local   all         postgres                                        ident 
# All other connections by UNIX sockets
local   all         all                                             ident 
# All IPv4 connections from localhost
host    all         all   ident 
# All IPv6 localhost connections
host    all         all         ::1               
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff        ident sameuser
host    all         all         ::ffff:                ident 
# reject all other connection attempts
host    all         all            reject

The big problem is the only authentication method is "ident sameuser", however
gnumed wants to connect as users that don't exist as system users, such a
"gm-dbowner" and "test-doc". [note these names are configurable, by renaming 
them to
real system users it may be possible to get gnumed working with this default 

I have found the most restrictive option that still allows gnumed install is
I think you have not.  Just try to install the gnumed-snapshot-server package
and answer the debconf question that the package is allowed to change your
postgres configuration.  You will find some additional lines in your pg_hba.conf
which should enable to bootstrap gnumed-server.  Please report here if something

The additional lines can be obtained from

Stripped all comments you get the remaining

local        template1      @gmTemplate1User.list                  password
local        gnumed-test    @gmTemplate1User.list                  trust
local   gnumed-test  @gmGnumedUser.list                     password

local    all            postgres      ident sameuser # so postgres can connect 
w/o password
local    gnumed  all                 md5     # allows any user to connect with 
password, but only to gnumed
This is more than necessary.  In the @*.list files which are symlinked
to /etc/gnumed you are able to configure additional users who should
be allowed to access the server.

Gnumed *should* work solely through a UNIX socket connection.
It is.

Kind regards


reply via email to

[Prev in Thread] Current Thread [Next in Thread]