Hello Rob, Bacularis is not able to use the peer authentication method easily because it is authentication that is based on system users. In this case the Bacularis PHP user usually is different from the default Bacula database user.
In your case I think if you want you can stay in the peer method for Bacula connections and add a line in pg_hba.conf to TCP/IP connections for Bacularis. Something like: # "local" is for Unix domain socket connections only (for Bacula) local all all peer # IPv4 local connections (for Bacularis): host all all 127.0.0.1/32 scram-sha-256 The only thing to do is to set password for your 'bacula' user: ALTER USER bacula WITH PASSWORD 'STRONG_PASSWORD'; This password will be used for TCP/IP connections but Bacula will not need it. Best regards, Marcin Haba (gani) On Wed, 3 Apr 2024 at 17:27, Rob Gerber <r...@craeon.net> wrote: > Marcin, > > Thank you for the very quick response! I will experiment with this when I > have some time. > > I am guessing because I've never configured a password for the bacula > database, and based on my pg_hba.conf, that bacula is authenticating to the > database server via peer connections, so bacula doesn't need a password to > access the database (in my default configuration). This detail kind of > stumped me at first. Please let me know if you think this is incorrect. My > original fear was that resetting the database password would lock bacula > out of the database. > > Robert Gerber > 402-237-8692 > r...@craeon.net > > On Tue, Apr 2, 2024, 11:40 PM Marcin Haba <ganius...@gmail.com> wrote: > >> Hello Rob, >> >> At the moment I prepared a section about the authentication methods in >> the Bacularis documentation. You can read it here: >> >> >> https://bacularis.app/doc/brief/configuration.html#bacula-catalog-database-access >> >> Best regards, >> Marcin Haba (gani) >> >> On Wed, 3 Apr 2024 at 04:51, Marcin Haba <ganius...@gmail.com> wrote: >> >>> Hello Rob, >>> >>> Thanks for your question. >>> >>> As the authentication method in PostgreSQL pg_hba.conf you can use >>> scram-sha-256 This method is available starting from PostgreSQL 10. >>> >>> For the Bacularis documentation, yes, it looks to be missing there. I >>> will add to the doc this section about configuring the Catalog Database >>> access in Bacularis. Thanks for pointing it. >>> >>> Best regards, >>> Marcin Haba (gani) >>> >>> On Wed, 3 Apr 2024 at 00:50, Rob Gerber <r...@craeon.net> wrote: >>> >>>> I have previously set up bacula and bacularis on Rocky Linux 9. At the >>>> time I ran into issues giving bacularis access to bacula's postgresql >>>> database. I didn't know the bacula database password. At that time I set >>>> the postgresql pg_hba.conf file to use "trust". However I am concerned that >>>> this isn't a good security best practice. >>>> >>>> I am setting up a second bacula / Bacularis system and I'd like to >>>> revisit this postgres authentication issue so I can follow best practice >>>> better. >>>> >>>> The bacularis documentation doesn't make it clear how I am supposed to >>>> authenticate bacularis to bacula's database. >>>> >>>> I suspect there is a process that is obvious to many others and not to >>>> me. >>>> >>>> Does anyone here have suggestions for how I might authenticate >>>> bacularis to the bacula database? >>>> >>>> Robert Gerber >>>> 402-237-8692 >>>> r...@craeon.net >>>> _______________________________________________ >>>> Bacula-users mailing list >>>> Bacula-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/bacula-users >>>> >>> >>> >>> -- >>> >>> "Greater love hath no man than this, that a man lay down his life for his >>> friends." Jesus Christ >>> >>> "Większej miłości nikt nie ma nad tę, jak gdy kto życie swoje kładzie za >>> przyjaciół swoich." Jezus Chrystus >>> >>> >> >> -- >> >> "Greater love hath no man than this, that a man lay down his life for his >> friends." Jesus Christ >> >> "Większej miłości nikt nie ma nad tę, jak gdy kto życie swoje kładzie za >> przyjaciół swoich." Jezus Chrystus >> >> -- "Greater love hath no man than this, that a man lay down his life for his friends." Jesus Christ "Większej miłości nikt nie ma nad tę, jak gdy kto życie swoje kładzie za przyjaciół swoich." Jezus Chrystus
_______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
