On 18/08/2011 7:20 AM, Tom Browder wrote:
> I have installed postgresql 9.0.4 from source on aUbuntu 10.04 LTS
> 64-bit remote host.
>
> I have installed phppgadmin, Apache2, and other required programs and
> libraries via the Ubuntu package manager.
>
> I have successfully created the user posgtres, executed initdb
> successfully, and can execute pqsql to connect to template1, all while
> logged in via ssh onto the remote host
>
> I have set postgresql to listen on all.
>
> I have these lines in my pg_hba.conf file:
>
> host all myuser<a remote host IP>/32 md5
> host all postgres<a remote host IP>/32 md5
>
> However, I cannot successfully login with phppgadmin on the remote host.
Given the config you showed, that *should* work. Did you restart apache
after altering your phppgadmin config?
It's usually best to have phppgadmin (or whatever) connect to 127.0.0.1
for localhost, rather than the public IP address anyway. I'd recommend
letting phppgadmin connect to localhost (127.0.0.1/32) and setting that
to md5 auth in pg_hba.conf .
Most web-based database apps don't work well with "ident" authentication
because they're all running under the apache or www-data user, so you'll
need to add a like for the database(s) and user(s) of interest that
specifies md5 auth. For example, if your admin app uses the "postgres"
user and you want it to access all databases:
host all postgres 127.0.0.1/32 md5
(or the "local" clause instead if your app uses a unix socket).
Personally I wish Pg would permit the client to use md5 auth when ident
fails - support something like "ident_or_md5" as an authmode. That'd
solve a lot of usability issues for new admins around configuring auth.
--
Craig Ringer
