Hi Harry,
if it’s not too much to ask. How/what did you fix?
it might help me someday, too.
-botp
···
-----Original Message-----
From: Harry Ohlsen [mailto:harryo@zip.com.au]
Sent: Friday, October 04, 2002 9:07 AM
To: ruby-talk@ruby-lang.org
Subject: Re: mod_ruby and postgresql
Just to save anyone else thinking too hard about my problems,
I just thought
I’d let people know that Alan Chen gave me some clues as to
how to make the
authentication work the way I expected in postgres.
Now, everything seems to work just fine. I’ve even been able
to remove the
untaint from my select statement (and will experiment with
removing some
others soon).
My serious thanks go to Alan. This was driving me crazy …
and I’m already
crazy enough :-).
Harry O.
Alan explained that in order for a user other than the owner of a particular
database to access it, one needs to do some setup in two files: pg_hba.conf
and pg_ident.conf.
In my case, I wanted the user “apache” to be able to access the database
“harryo” (which is owned by harryo). In pg_hba.conf, I added
local harryo ident mymap
As far as I understand it, this means that when anyone tries to access
database “harryo” locally (ie, on this host), use the authentication defined
in pg_ident.conf as “mymap”.
In pg_ident.conf, I added
mymap apache harryo
mymap harryo harryo
I believe what this says is, if either “apache” or “harryo” attempts to access
anything specified as mapping to “mymap” (in this case, just the database
“harryo” as defined by the previous change in pg_hba.conf), authenticate them
as though they were “harryo”.
I’m not sure why this is necessary, since I had apache connecting to the
database as “harryo”, anyway, but it works fine. I’ll worry about
understanding it later … maybe :-).
Harry O.
···
On Fri, 4 Oct 2002 11:47, Peña, Botp wrote:
Hi Harry,
if it’s not too much to ask. How/what did you fix?
it might help me someday, too.
Just so everybody knows, this is just one way to setup the posgres authentication.
Depending on your objectives, there are many other variations, particularly if you
need to make the database visible to direct connections from other machines.
···
On Fri, Oct 04, 2002 at 05:05:26PM +0900, Harry Ohlsen wrote:
On Fri, 4 Oct 2002 11:47, Pe?a, Botp wrote:
Hi Harry,
if it’s not too much to ask. How/what did you fix?
it might help me someday, too.
Alan explained that in order for a user other than the owner of a particular
database to access it, one needs to do some setup in two files: pg_hba.conf
and pg_ident.conf.
In my case, I wanted the user “apache” to be able to access the database
“harryo” (which is owned by harryo). In pg_hba.conf, I added
local harryo ident mymap
As far as I understand it, this means that when anyone tries to access
database “harryo” locally (ie, on this host), use the authentication defined
in pg_ident.conf as “mymap”.
In pg_ident.conf, I added
mymap apache harryo
mymap harryo harryo
I believe what this says is, if either “apache” or “harryo” attempts to access
anything specified as mapping to “mymap” (in this case, just the database
“harryo” as defined by the previous change in pg_hba.conf), authenticate them
as though they were “harryo”.
I’m not sure why this is necessary, since I had apache connecting to the
database as “harryo”, anyway, but it works fine. I’ll worry about
understanding it later … maybe :-).
Harry O.
–
Alan Chen
Digikata LLC
http://digikata.com