Thread: phpPgAdmin + PostgreSQL + authentication
Howdy:
Not sure if this the most likely of maillists to ask,
but is anyone using phpPgAdmin? I have a few questions
regarding authentication of username / passwords.
I'm running PostgreSQL 7.2.1 on RedHat Linux 7.2 kernel 2.4.7-10.
I have phpPgAdmin 2.4.2 installed.
Basically, I want to know: how to configure phpPgAdmin to
allow all the users that exist in pg_shadow to log in and
be authenticated?
In my pg_hba.conf, I have this:
[snip conf file]
# TYPE DATABASE IP_ADDRESS MASK AUTH_TYPE AUTH_ARGUMENT
local all trust
host all 127.0.0.1 255.255.255.255 md5
host all 16.x.x.1 255.0.0.0 md5
host all 192.168.0.0 255.255.255.0 md5
[/snip conf file]
In the config.inc.php, I have this:
[snip php conf]
// The $cfgServers array starts with $cfgServers[1]. Do not use $cfgServers[0].
// You can disable a server config entry by setting host to ''.
$cfgServers[1]['local'] = false;
$cfgServers[1]['host'] = 'test.localserver.net';
$cfgServers[1]['port'] = '5432';
$cfgServers[1]['adv_auth'] = true;
$cfgServers[1]['user'] = ''; // if you are not using adv_auth,
// enter the username to connect all the time
$cfgServers[1]['password'] = ''; // if you are not using adv_auth and
// a password is required enter a password
$cfgServers[1]['only_db'] = ''; // if set to a db-name, only this db is accessible
[/snip php conf]
As I understand it, shouldn't this allow any user with TCP connection
to access the database? I suppose I am trying to understand if
adv_auth even uses pg_shadow at all, or, does 'local' means that
no authentication is needed, anyone can log in.
The only thing that happens at the index.php page is when I log
in, I get "Wrong username/password. Access denied".
I mean, if I can access the database via command line (psql -U joe -d testdb)
without needing to authenticate myself, shouldn't that mean that phpPgAdmin
allows the same thing? Otherwise, I should be able to use what's in
pg_shadow, right?
I am re-reading the documentation page. Any info / direction is appreciated.
Thanks!
-X
I've used phpPgAdmin before. My guess is that your failing because postgresql is expecting an md5'd password to authenticate with, and phpPgAdmin is passing in an unencrypted password. On a related note, setting phpPgAdmin to advanced authentication mode, it will rely on the information in pg_shadow. Robert Treat On Tue, 2002-10-08 at 12:21, Johnson, Shaunn wrote: > Howdy: > > Not sure if this the most likely of maillists to ask, > but is anyone using phpPgAdmin? I have a few questions > regarding authentication of username / passwords. > > I'm running PostgreSQL 7.2.1 on RedHat Linux 7.2 kernel 2.4.7-10. > I have phpPgAdmin 2.4.2 installed. > > Basically, I want to know: how to configure phpPgAdmin to > allow all the users that exist in pg_shadow to log in and > be authenticated? > > In my pg_hba.conf, I have this: > > [snip conf file] > > # TYPE DATABASE IP_ADDRESS MASK AUTH_TYPE > AUTH_ARGUMENT > local all trust > host all 127.0.0.1 255.255.255.255 md5 > host all 16.x.x.1 255.0.0.0 md5 > host all 192.168.0.0 255.255.255.0 md5 > > [/snip conf file] > > In the config.inc.php, I have this: > > [snip php conf] > > > // The $cfgServers array starts with $cfgServers[1]. Do not use > $cfgServers[0]. > // You can disable a server config entry by setting host to ''. > $cfgServers[1]['local'] = false; > $cfgServers[1]['host'] = 'test.localserver.net'; > $cfgServers[1]['port'] = '5432'; > $cfgServers[1]['adv_auth'] = true; > > $cfgServers[1]['user'] = ''; // if you are not using > adv_auth, > // enter the > username to connect all the time > $cfgServers[1]['password'] = ''; // if you are not using adv_auth > and > // a password is > required enter a password > $cfgServers[1]['only_db'] = ''; // if set to a db-name, only > this db is accessible > > > [/snip php conf] > > As I understand it, shouldn't this allow any user with TCP connection > to access the database? I suppose I am trying to understand if > adv_auth even uses pg_shadow at all, or, does 'local' means that > no authentication is needed, anyone can log in. > > The only thing that happens at the index.php page is when I log > in, I get "Wrong username/password. Access denied". > > I mean, if I can access the database via command line (psql -U joe -d > testdb) > without needing to authenticate myself, shouldn't that mean that > phpPgAdmin > allows the same thing? Otherwise, I should be able to use what's in > pg_shadow, right? > > I am re-reading the documentation page. Any info / direction is > appreciated. > > Thanks! > > -X >