On Wed, 26 Jan 2005, Martin Pitt wrote:
Well, this is not _exactly_ right since you can map system users to
database users in pg_ident.conf, but that would mean yet another
conffile to touch.
... which should probably be avoided. Moreover I had bad experiences while
trying that some years ago.
I think pg_hba.conf does not have this feature. However, if that would
help and some kind of pg_hba.d/ structure would solve problems, I
think it would not be that hard to add that feature for Debian.
IMHO this would be really great. Currently I prepend the following lines
in pg_hba.conf:
### DO NOT REMOVE THIS LINE: GNUMED_SERVER_CONFIG_DONE
### Next lines inserted by gnumed-server install
#
## Enable bootstraping the GnuMed-Server
#
# Enables socket authentification to template1 for users mentioned in
# file $PGDATA/gmTemplate1User.list (=gm-dbowner) with PASSWORD authentication
# to enable creating gnumed database and users
local template1 @gmTemplate1User.list password
#
# Enables socket authentification to gnumed-test for users mentioned in
# file $PGDATA/gmTemplate1User.list (=gm-dbowner) with authentication TRUST
# to pupulate database with data. Unfortunately the current bootstraping method
# requires TRUST. :-(
local gnumed-test @gmTemplate1User.list trust
#
## Enable client connections to the GnuMed-Server
#
# Enables socket authentification to gnumed-test for users mentioned in
# file $PGDATA/gmGnumedUser.list with PASSWORD authentication
# The file $PGDATA/gmGnumedUser.list should be regarded as config file
# and thus it is a symlink to /etc/gnumed/gmGnumedUser.list
local gnumed-test @gmGnumedUser.list password
#
# Uncomment this to enable remote users connecting to the GnuMed server
# You have to provide <IPADDR> and <IPMASK>
# <IPADDR> = 0.0.0.0 and <IPMASK> = 255.255.255.255
# means connection from all hosts is allowed
#
# host gnumed-test @gmGnumedUser.list <IPADDR> <IPMASK> md5
# hostssl gnumed-test @gmGnumedUser.list <IPADDR> <IPMASK> md5
### End gnumed-server install
### DO NOT REMOVE THIS LINE: GNUMED_SERVER_CONFIG_END
I know that gforge maintainers do similar things. This could be much cleaner
be done with
pg_hba.d/50_gnumed
pg_hba.d/50_gforge
...
whatever and I would greatly appreciate this.
However, the general approach to these web applications wrt
databases should be discussed, and a generally working solution should
be found before I start hacking. :-)
Sure.
Kind regards
Andreas.
--
http://fam-tille.de
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
