On Mon, Jan 12, 2004 at 10:04:53AM -0600, Bruno Wolff III wrote:
> On Mon, Jan 12, 2004 at 07:42:41 -0800,
> Bill Moseley <moseley@hank.org> wrote:
> >
> > I don't know php, but is it (or Apache) running as user russell? If
> > not, then you can't authorize by IDENT.
>
> It is possible to authenticate using ident using a map that says the
> webserver account is allowed to use the db account "russell". The web server
> must either be on the same machine using domain sockets for connecting
> (which looks to be the case here) or be running an ident server.

I was not able to get this configuration working, so I think I'm not
understanding the documentation correctly. Or maybe I was expecting
that "sameuser" would work:

moseley@bumby:~$ createdb newdb
CREATE DATABASE
moseley@bumby:~$ psql newdb
Welcome to psql 7.4.1, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help on internal slash commands
\g or terminate with semicolon to execute query
\q to quit
newdb=> \q
moseley@bumby:~$ su
Password:
bumby:/home/moseley# fgrep moseley /etc/postgresql/pg_ident.conf
sameuser www-data moseley
bumby:/home/moseley# /etc/init.d/postgresql restart
Stopping PostgreSQL database server: postmaster.
Starting PostgreSQL database server: postmaster.
bumby:/home/moseley# su www-data
bumby:/home/moseley$ psql newdb
psql: FATAL: user "www-data" does not exist
bumby:/home/moseley$ psql -Umoseley newdb
psql: FATAL: IDENT authentication failed for user "moseley"

I even tried using my own map name instead of "sameuser".

bumby:/etc/postgresql# fgrep testmap pg_hba.conf pg_ident.conf
pg_hba.conf:host all all 127.0.0.1 255.255.255.255 ident testmap
pg_ident.conf:testmap moseley www-data

So I think I'm missing an important concept.

--
Bill Moseley
moseley@hank.org
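
As an added example (not part of the original thread and not PostgreSQL's own code), the following is a simplified model of how PostgreSQL 7.4 selects a pg_hba.conf rule by connection type and then checks the ident map, run over the map lines quoted in the message and over a hypothetical corrected pair. Assumptions: the "local ... ident sameuser" line, the corrected configuration and all function names are constructed for illustration, and database, user and address matching is left out.

```python
# Added example: simplified model of PostgreSQL 7.4 ident map matching.
# It ignores the database, user and address columns (all rules here use "all").

def parse(text):
    """Split config text into field lists, skipping comments and blank lines."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows

def hba_rule(hba_text, conn_type):
    """Return (method, option) from the first pg_hba.conf row of this type."""
    for row in parse(hba_text):
        if row[0] != conn_type:
            continue
        # local: TYPE DB USER METHOD [OPTION]
        # host:  TYPE DB USER IP-ADDRESS IP-MASK METHOD [OPTION]
        rest = row[3:] if conn_type == "local" else row[5:]
        if rest:
            return rest[0], (rest[1] if len(rest) > 1 else None)
    return None, None

def ident_allows(hba_text, ident_text, conn_type, os_user, pg_user):
    """True if os_user may connect as pg_user over conn_type via ident."""
    method, mapname = hba_rule(hba_text, conn_type)
    if method != "ident":
        return False
    if mapname == "sameuser":          # predefined map: names must be equal
        return os_user == pg_user
    # pg_ident.conf columns: MAPNAME IDENT-USERNAME PG-USERNAME
    return any(r[:3] == [mapname, os_user, pg_user] for r in parse(ident_text))

# Constructed configs. The "local ... sameuser" line is an assumption; the
# host line and the testmap line are the ones quoted in the message.
HBA_POSTED = """
local all all ident sameuser
host all all 127.0.0.1 255.255.255.255 ident testmap
"""
IDENT_POSTED = "testmap moseley www-data\n"

# Hypothetical corrected pair: map on the socket rule, OS user in column 2.
HBA_FIXED = "local all all ident testmap\n"
IDENT_FIXED = "testmap www-data moseley\n"

if __name__ == "__main__":
    for hba, ident in ((HBA_POSTED, IDENT_POSTED), (HBA_FIXED, IDENT_FIXED)):
        print(ident_allows(hba, ident, "local", "www-data", "moseley"))
```

psql run without -h connects over the Unix-domain socket, so only "local" rows in pg_hba.conf are consulted. A map row granting www-data access as moseley does not by itself let the OS user moseley connect as moseley; that needs its own row in the same map.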