Re: ident client authentication - Mailing list pgsql-general

From Paul Hide
Subject Re: ident client authentication
Date
Msg-id b117fb190511080926m6d3a2f05m729d9cd27632fc1@mail.gmail.com
Whole thread Raw
In response to Re: ident client authentication  (Richard Huxton <dev@archonet.com>)
Responses Re: ident client authentication
List pgsql-general
Thanks for the reply.

Is this right then? For ident to work could I, as Bruno Wolff III suggested, map the apache user to jim using pg_ident.

I suppose if I do that it might be rather risky from a security point of view. Since any script running would then run as jim.

Perhaps I shoulkd do as you suggested and use password authentication.

Paul Hide

On 11/8/05, Richard Huxton <dev@archonet.com> wrote:
Paul Hide wrote:
> I have a problem with ident client authentication.
> My server is debian sarge, pg version is 7.4.7, apache 2.0.54, mod_python
> 2.3. A python script is placed on the server and runs under mod_python in
> apache.

> However, if i have
> local all jim ident sameuser
> I get FATAL: IDENT authentication failed for user jim, via mod-python debug
> and in postgres log.
>
> jim is both a unix user (linux) and a postgres user.
>
> Is this what would be expected?
> How can I make ident authentication work?

At a guess, your Python script is running as the same user as your
webserver (usually apache/www-data/nobody or similar). This is why the
"ident sameuser" isn't working.

You'll either need to log in as the webserver user, or use password
authentication.

> Any help would be appreciated, including where this message should be posted
> if this list is inappropriate.

This list is fine.

HTH

--
   Richard Huxton
   Archonet Ltd

pgsql-general by date:

Previous
From: "Gerard O Connor"
Date:
Subject: Re: [ANNOUNCE] PostgreSQL 8.1.0 Release Candidate 1
Next
From: Will Wright
Date:
Subject: Re: Programmatic method to determine currently installed Windows PostrgreSQL version