ident authentication problem

Shanta McBain

Hi

I am running Mandrake 10 and would like to get sql-ledger to access the
database.

I can get in to the database with a local user at the command prompt and Web
Admin.

sql-ledger returns ident authentication problem.

the included faq
has this to say

IDENT Authentication failed for user "postgres"

This error has everything to do with the way distros set up access rights
for postgres. They are way too restrictive and leave you wondering what to do
next.

Do yourself a favour and change authentication type in pg_hba.conf to

local all trust

I can't locate this file.

Any suggestions as to how to get SQL-Ledger online?

--
Thanks
Shanta McBain
Http://computersystemconsulting.ca Web hosting and Application Hosting.

---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to ma*******@postgresql.org so that your
message can get through to the mailing list cleanly

Nov 23 '05 #1

Subscribe Post Reply

1907

Karsten Hilbert

> I am running Mandrake 10 and would like to get sql-ledger to access the

database. the included faq
has this to say

Do yourself a favour and change authentication type in pg_hba.conf to

local all trust If you follow this sage advice you'll open up your financial
data to anyone happening to have an account on the machine in
question. Anyone. Not just people who also happen to have
*PostgreSQL* DB accounts.
Http://computersystemconsulting.ca Web hosting and Application Hosting. Including any internet user visiting your pages if they
succeed in getting your http server to run some script (if, of
course, sql-ledger is on the exposed machine, which it
shouldn't).
I can't locate this file.

It's in a directory off the home dir of the PostgreSQL system
account running the backends.

Do yourself a favour and read up on ident maps for PG
authentication.

Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346

---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to ma*******@postgresql.org)

Nov 23 '05 #2

Karsten Hilbert

> I am running Mandrake 10 and would like to get sql-ledger to access the

database. the included faq
has this to say

Do yourself a favour and change authentication type in pg_hba.conf to

local all trust If you follow this sage advice you'll open up your financial
data to anyone happening to have an account on the machine in
question. Anyone. Not just people who also happen to have
*PostgreSQL* DB accounts.
Http://computersystemconsulting.ca Web hosting and Application Hosting. Including any internet user visiting your pages if they
succeed in getting your http server to run some script (if, of
course, sql-ledger is on the exposed machine, which it
shouldn't).
I can't locate this file.

Nov 23 '05 #3

Jim Seymour

Shanta McBain <cs*@computersystemconsulting.ca> wrote:

[snip]
Do yourself a favour and change authentication type in pg_hba.conf to

local all trust

I can't locate this file.

Any suggestions as to how to get SQL-Ledger online?

You didn't mention what version of pgsql you're running... I'll assume
7.4.x. For this purpose, it probably doesn't matter?

You should start here

http://www.postgresql.org/docs/7.4/static/index.html

See Section III: "Server Administration"

--
Jim Seymour | Spammers sue anti-spammers:
js******@LinxNet.com | http://www.LinxNet.com/misc/spam/slapp.php
http://jimsun.LinxNet.com | Please donate to the SpamCon Legal Fund:
| http://www.spamcon.org/legalfund/

---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend

Nov 23 '05 #4

Jim Seymour

Shanta McBain <cs*@computersystemconsulting.ca> wrote:

[snip]
Do yourself a favour and change authentication type in pg_hba.conf to

local all trust

I can't locate this file.

Any suggestions as to how to get SQL-Ledger online?

Nov 23 '05 #5

Uwe C. Schroeder

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mandrake installs postgres in /var/lib/pgsql
So you should find the pg_hba.conf file in /var/lib/pgsql/data/

BTW: ever heard of locate ? A simple locate pg_hba.conf should give you the
location.
On Wednesday 21 April 2004 12:26 pm, Shanta McBain wrote:

Hi

I am running Mandrake 10 and would like to get sql-ledger to access the
database.

I can get in to the database with a local user at the command prompt and
Web Admin.

sql-ledger returns ident authentication problem.

the included faq
has this to say

IDENT Authentication failed for user "postgres"

This error has everything to do with the way distros set up access
rights for postgres. They are way too restrictive and leave you wondering
what to do next.

Do yourself a favour and change authentication type in pg_hba.conf to

local all trust

I can't locate this file.

Any suggestions as to how to get SQL-Ledger online?

- --
UC

- --
Open Source Solutions 4U, LLC 2570 Fleetwood Drive
Phone: +1 650 872 2425 San Bruno, CA 94066
Cell: +1 650 302 2405 United States
Fax: +1 650 872 2417
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAhvGrjqGXBvRToM4RAhi5AJ4nR7GrPojZA4RVmKbrhu CPDHavKQCgr7lT
SPUh0eUNTarb3ufFEmPUC/A=
=aR+7
-----END PGP SIGNATURE-----
---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend

Nov 23 '05 #6

Uwe C. Schroeder

Hi

I am running Mandrake 10 and would like to get sql-ledger to access the
database.

I can get in to the database with a local user at the command prompt and
Web Admin.

sql-ledger returns ident authentication problem.

the included faq
has this to say

IDENT Authentication failed for user "postgres"

This error has everything to do with the way distros set up access
rights for postgres. They are way too restrictive and leave you wondering
what to do next.

Do yourself a favour and change authentication type in pg_hba.conf to

local all trust

I can't locate this file.

Any suggestions as to how to get SQL-Ledger online?

Nov 23 '05 #7

Shanta McBain

On April 21, 2004 13:26, Karsten Hilbert wrote:

If you follow this sage advice you'll open up your financial
data to anyone happening to have an account on the machine in
question. Anyone. Not just people who also happen to have
*PostgreSQL* DB accounts.

Did not sound like the right thing todo That is why I asked. I am new to
Postgres.
Including any internet user visiting your pages if they
succeed in getting your http server to run some script (if, of
course, sql-ledger is on the exposed machine, which it
shouldn't).

It's not. But I would rather not open it to the world anyway.

I can't locate this file.

It's in a directory off the home dir of the PostgreSQL system
account running the backends.

Do yourself a favour and read up on ident maps for PG
authentication.

Thanks for pointing me to what I needed to read to get it to see the database.
It now accept the authentication but complains of a missing directory or
file.

This I don't know if it is SQL-Ledger problem or in Postgres. I will look
deeper to find out.

Seems like all Mandrake setup for these kinds of services are not smooth. I
have had repeated problems with getting MySQL, Perl DBI, etc working. Once I
have gone through the process though it works well.

Thanks again for the tips.

Shanta
--
Thanks
Shanta McBain
Http://computersystemconsulting.ca Web hosting and Application Hosting.

---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to ma*******@postgresql.org so that your
message can get through to the mailing list cleanly

Nov 23 '05 #8

Shanta McBain

On April 21, 2004 13:26, Karsten Hilbert wrote:

If you follow this sage advice you'll open up your financial
data to anyone happening to have an account on the machine in
question. Anyone. Not just people who also happen to have
*PostgreSQL* DB accounts.

Did not sound like the right thing todo That is why I asked. I am new to
Postgres.
Including any internet user visiting your pages if they
succeed in getting your http server to run some script (if, of
course, sql-ledger is on the exposed machine, which it
shouldn't).

It's not. But I would rather not open it to the world anyway.

I can't locate this file.

It's in a directory off the home dir of the PostgreSQL system
account running the backends.

Do yourself a favour and read up on ident maps for PG
authentication.

Nov 23 '05 #9

Jim Seymour

Karsten Hilbert <Ka*************@gmx.net> wrote:

I am running Mandrake 10 and would like to get sql-ledger to access the
database.

the included faq
has this to say

Do yourself a favour and change authentication type in pg_hba.conf to

local all trust

If you follow this sage advice you'll open up your financial
data to anyone happening to have an account on the machine in
question. Anyone. Not just people who also happen to have
*PostgreSQL* DB accounts.

[snip]

How, exactly, is that?

--
Jim Seymour | Spammers sue anti-spammers:
js******@LinxNet.com | http://www.LinxNet.com/misc/spam/slapp.php
http://jimsun.LinxNet.com | Please donate to the SpamCon Legal Fund:
| http://www.spamcon.org/legalfund/

---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?

http://www.postgresql.org/docs/faqs/FAQ.html

Nov 23 '05 #10

Jim Seymour

Karsten Hilbert <Ka*************@gmx.net> wrote:

I am running Mandrake 10 and would like to get sql-ledger to access the
database.

the included faq
has this to say

Do yourself a favour and change authentication type in pg_hba.conf to

local all trust

If you follow this sage advice you'll open up your financial
data to anyone happening to have an account on the machine in
question. Anyone. Not just people who also happen to have
*PostgreSQL* DB accounts.

Nov 23 '05 #11

Uwe C. Schroeder

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 21 April 2004 04:53 pm, Shanta McBain wrote:

On April 21, 2004 13:26, Karsten Hilbert wrote:
If you follow this sage advice you'll open up your financial
data to anyone happening to have an account on the machine in
question. Anyone. Not just people who also happen to have
*PostgreSQL* DB accounts.

Did not sound like the right thing todo That is why I asked. I am new to
Postgres.
Including any internet user visiting your pages if they
succeed in getting your http server to run some script (if, of
course, sql-ledger is on the exposed machine, which it
shouldn't).

It's not. But I would rather not open it to the world anyway.
I can't locate this file.

It's in a directory off the home dir of the PostgreSQL system
account running the backends.

Do yourself a favour and read up on ident maps for PG
authentication.

Thanks for pointing me to what I needed to read to get it to see the
database. It now accept the authentication but complains of a missing
directory or file.

This I don't know if it is SQL-Ledger problem or in Postgres. I will look
deeper to find out.

Seems like all Mandrake setup for these kinds of services are not smooth.I
have had repeated problems with getting MySQL, Perl DBI, etc working. Once
I have gone through the process though it works well.

It's not really a Mandrake problem. They are pretty close to Redhat. The
problem is, that a lot of the packages, particularly rpm's are made for
redhat and not Mandrake. So often you end up using a redhat rpm because a
mandrake one was nowhere to find and the some tiny bit doesn't fit in.

UC

- --
Open Source Solutions 4U, LLC 2570 Fleetwood Drive
Phone: +1 650 872 2425 San Bruno, CA 94066
Cell: +1 650 302 2405 United States
Fax: +1 650 872 2417
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAhw7ljqGXBvRToM4RAjHVAJ4m14HTw4xVIN9kIR/zXUk8a7mJqQCgmD5y
9V68Y4KE5bDxc0Yx1LHEWsU=
=6SM+
-----END PGP SIGNATURE-----
---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster

Nov 23 '05 #12

Uwe C. Schroeder

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 21 April 2004 04:53 pm, Shanta McBain wrote:

On April 21, 2004 13:26, Karsten Hilbert wrote:
If you follow this sage advice you'll open up your financial
data to anyone happening to have an account on the machine in
question. Anyone. Not just people who also happen to have
*PostgreSQL* DB accounts.

Did not sound like the right thing todo That is why I asked. I am new to
Postgres.
Including any internet user visiting your pages if they
succeed in getting your http server to run some script (if, of
course, sql-ledger is on the exposed machine, which it
shouldn't).

It's not. But I would rather not open it to the world anyway.
I can't locate this file.

It's in a directory off the home dir of the PostgreSQL system
account running the backends.

Do yourself a favour and read up on ident maps for PG
authentication.

Thanks for pointing me to what I needed to read to get it to see the
database. It now accept the authentication but complains of a missing
directory or file.

This I don't know if it is SQL-Ledger problem or in Postgres. I will look
deeper to find out.

Seems like all Mandrake setup for these kinds of services are not smooth.I
have had repeated problems with getting MySQL, Perl DBI, etc working. Once
I have gone through the process though it works well.

Nov 23 '05 #13

Gregory Wood

Jim Seymour wrote:

Karsten Hilbert <Ka*************@gmx.net> wrote:
If you follow this sage advice you'll open up your financial
data to anyone happening to have an account on the machine in
question. Anyone. Not just people who also happen to have
*PostgreSQL* DB accounts.

[snip]

How, exactly, is that?

The magic is in the -U flag for psql:

psql -U pg_superuser any_db

Greg

---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster

Nov 23 '05 #14

Gregory Wood

Jim Seymour wrote:

Karsten Hilbert <Ka*************@gmx.net> wrote:
If you follow this sage advice you'll open up your financial
data to anyone happening to have an account on the machine in
question. Anyone. Not just people who also happen to have
*PostgreSQL* DB accounts.

[snip]

How, exactly, is that?

The magic is in the -U flag for psql:

psql -U pg_superuser any_db

Greg

---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster

Nov 23 '05 #15

Karsten Hilbert

> > > Do yourself a favour and change authentication type in pg_hba.conf to

local all trust

If you follow this sage advice you'll open up your financial
data to anyone happening to have an account on the machine in
question. Anyone. Not just people who also happen to have
*PostgreSQL* DB accounts.

How, exactly, is that?

a) it seems SQL ledger wants to store data in PostgreSQL
b) I assume it wants to store *financial* data
c) local/all/trust means *all* *local* users are *trusted*, eg
don't require any authentication, hence system account foo
can access *all* databases (including the SQL-ledger one)
even though foo does not have a corresponding DB account

Assuming, that there aren't any schema level restrictions
(GRANTs) set up which may or may not be the case. Forgot to
mention that point earlier on.

Or am I missing something ?

Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346

---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings

Nov 23 '05 #16

Karsten Hilbert

> > > Do yourself a favour and change authentication type in pg_hba.conf to

local all trust

If you follow this sage advice you'll open up your financial
data to anyone happening to have an account on the machine in
question. Anyone. Not just people who also happen to have
*PostgreSQL* DB accounts.

How, exactly, is that?

Nov 23 '05 #17

Alvaro Herrera

On Thu, Apr 22, 2004 at 01:58:14PM +0200, Karsten Hilbert wrote:

a) it seems SQL ledger wants to store data in PostgreSQL
b) I assume it wants to store *financial* data
c) local/all/trust means *all* *local* users are *trusted*, eg
don't require any authentication, hence system account foo
can access *all* databases (including the SQL-ledger one)
even though foo does not have a corresponding DB account

Assuming, that there aren't any schema level restrictions
(GRANTs) set up which may or may not be the case. Forgot to
mention that point earlier on.

If the data is protected by GRANT/REVOKE, a malicious (or curious) user
can work around them by connecting as the database superuser, so in
practice there's no protection at all.

--
Alvaro Herrera (<alvherre[a]dcc.uchile.cl>)
"Acepta los honores y aplausos y perderás tu libertad"

---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to ma*******@postgresql.org)

Nov 23 '05 #18

Alvaro Herrera

On Thu, Apr 22, 2004 at 01:58:14PM +0200, Karsten Hilbert wrote:

a) it seems SQL ledger wants to store data in PostgreSQL
b) I assume it wants to store *financial* data
c) local/all/trust means *all* *local* users are *trusted*, eg
don't require any authentication, hence system account foo
can access *all* databases (including the SQL-ledger one)
even though foo does not have a corresponding DB account

Assuming, that there aren't any schema level restrictions
(GRANTs) set up which may or may not be the case. Forgot to
mention that point earlier on.

Nov 23 '05 #19

Shanta McBain

On April 22, 2004 04:58, Karsten Hilbert wrote:

How, exactly, is that?
a) it seems SQL ledger wants to store data in PostgreSQL

It is the prefred database but I think you can use others.
b) I assume it wants to store *financial* data
Yes It is an accounting package.
c) local/all/trust means *all* *local* users are *trusted*, eg
don't require any authentication, hence system account foo
can access *all* databases (including the SQL-ledger one)
even though foo does not have a corresponding DB account

Assuming, that there aren't any schema level restrictions
(GRANTs) set up which may or may not be the case. Forgot to
mention that point earlier on.

Or am I missing something ?

I think the SQL-ledger docs were thinking in terms of a stand alone system. My
asking this question has gotten some interesting discoution of authentication
and security. I used the suggestion on mapping the users So postgress would
be able to relate to the SQL ledger user and the allowed postgress user. This
meant that SQL-ledger may access the database without open the database to
attack. Much better solution for sure.

--
Thanks for the help.
Shanta McBain
Http://computersystemconsulting.ca Web hosting and Application Hosting.

---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to ma*******@postgresql.org so that your
message can get through to the mailing list cleanly

Nov 23 '05 #20

Shanta McBain

On April 22, 2004 04:58, Karsten Hilbert wrote:

How, exactly, is that?
a) it seems SQL ledger wants to store data in PostgreSQL

It is the prefred database but I think you can use others.
b) I assume it wants to store *financial* data
Yes It is an accounting package.
c) local/all/trust means *all* *local* users are *trusted*, eg
don't require any authentication, hence system account foo
can access *all* databases (including the SQL-ledger one)
even though foo does not have a corresponding DB account

Assuming, that there aren't any schema level restrictions
(GRANTs) set up which may or may not be the case. Forgot to
mention that point earlier on.

Or am I missing something ?

Nov 23 '05 #21

Similar topics