Thread: phpPgAdmin + PostgreSQL + authentication

phpPgAdmin + PostgreSQL + authentication

From
"Johnson, Shaunn"
Date:

Howdy:

Not sure if this the most likely of maillists to ask,
but is anyone using phpPgAdmin?  I have a few questions
regarding authentication of username / passwords.

I'm running PostgreSQL 7.2.1 on RedHat Linux 7.2 kernel 2.4.7-10.
I have phpPgAdmin 2.4.2 installed.

Basically, I want to know:  how to configure phpPgAdmin to
allow all the users that exist in pg_shadow to log in and
be authenticated?

In my pg_hba.conf, I have this:

[snip conf file]

# TYPE     DATABASE    IP_ADDRESS    MASK               AUTH_TYPE  AUTH_ARGUMENT
local        all                                            trust
host         all         127.0.0.1       255.255.255.255    md5
host         all         16.x.x.1        255.0.0.0          md5
host         all         192.168.0.0     255.255.255.0      md5

[/snip conf file]

In the config.inc.php, I have this:

[snip php conf]

// The $cfgServers array starts with $cfgServers[1].  Do not use $cfgServers[0].
// You can disable a server config entry by setting host to ''.
$cfgServers[1]['local']         = false;
$cfgServers[1]['host']          = 'test.localserver.net';
$cfgServers[1]['port']          = '5432';
$cfgServers[1]['adv_auth']      = true;

$cfgServers[1]['user']          = '';   // if you are not using adv_auth,
                                                    // enter the username to connect all the time
$cfgServers[1]['password']      = '';   // if you are not using adv_auth and
                                                    // a password is required enter a password
$cfgServers[1]['only_db']       = '';   // if set to a db-name, only this db is accessible

[/snip php conf]

As I understand it, shouldn't this allow any user with TCP connection
to access the database?  I suppose I am trying to understand if
adv_auth even uses pg_shadow at all, or, does 'local' means that
no authentication is needed, anyone can log in.

The only thing that  happens at the index.php page is when I log
in, I get "Wrong username/password. Access denied".

I mean, if I can access the database via command line (psql -U joe -d testdb)
without needing to authenticate myself, shouldn't that mean that phpPgAdmin
allows the same thing?  Otherwise, I should be able to use what's in
pg_shadow, right?

I am re-reading the documentation page.  Any info / direction is appreciated.

Thanks!

-X

Re: phpPgAdmin + PostgreSQL + authentication

From
Robert Treat
Date:
I've used phpPgAdmin before. My guess is that your failing because
postgresql is expecting an md5'd password to authenticate with, and
phpPgAdmin is passing in an unencrypted password.

On a related note, setting phpPgAdmin to advanced authentication mode,
it will rely on the information in pg_shadow.

Robert Treat

On Tue, 2002-10-08 at 12:21, Johnson, Shaunn wrote:
> Howdy:
>
> Not sure if this the most likely of maillists to ask,
> but is anyone using phpPgAdmin?  I have a few questions
> regarding authentication of username / passwords.
>
> I'm running PostgreSQL 7.2.1 on RedHat Linux 7.2 kernel 2.4.7-10.
> I have phpPgAdmin 2.4.2 installed.
>
> Basically, I want to know:  how to configure phpPgAdmin to
> allow all the users that exist in pg_shadow to log in and
> be authenticated?
>
> In my pg_hba.conf, I have this:
>
> [snip conf file]
>
> # TYPE     DATABASE    IP_ADDRESS    MASK               AUTH_TYPE
> AUTH_ARGUMENT
> local        all                                            trust
> host         all         127.0.0.1       255.255.255.255    md5
> host         all         16.x.x.1        255.0.0.0          md5
> host         all         192.168.0.0     255.255.255.0      md5
>
> [/snip conf file]
>
> In the config.inc.php, I have this:
>
> [snip php conf]
>
>
> // The $cfgServers array starts with $cfgServers[1].  Do not use
> $cfgServers[0].
> // You can disable a server config entry by setting host to ''.
> $cfgServers[1]['local']         = false;
> $cfgServers[1]['host']          = 'test.localserver.net';
> $cfgServers[1]['port']          = '5432';
> $cfgServers[1]['adv_auth']      = true;
>
> $cfgServers[1]['user']          = '';   // if you are not using
> adv_auth,
>                                                     // enter the
> username to connect all the time
> $cfgServers[1]['password']      = '';   // if you are not using adv_auth
> and
>                                                     // a password is
> required enter a password
> $cfgServers[1]['only_db']       = '';   // if set to a db-name, only
> this db is accessible
>
>
> [/snip php conf]
>
> As I understand it, shouldn't this allow any user with TCP connection
> to access the database?  I suppose I am trying to understand if
> adv_auth even uses pg_shadow at all, or, does 'local' means that
> no authentication is needed, anyone can log in.
>
> The only thing that  happens at the index.php page is when I log
> in, I get "Wrong username/password. Access denied".
>
> I mean, if I can access the database via command line (psql -U joe -d
> testdb)
> without needing to authenticate myself, shouldn't that mean that
> phpPgAdmin
> allows the same thing?  Otherwise, I should be able to use what's in
> pg_shadow, right?
>
> I am re-reading the documentation page.  Any info / direction is
> appreciated.
>
> Thanks!
>
> -X
>