On Thu, 28 Feb 2013 13:04:21 +1100
Igor Cicimov <icici...@gmail.com> wrote:
> > I have recently upgraded to Apache 2.4, suExec and dbd
> > authentication with PostgreSQL.  This is on a system with multiple
> > users.  Here is an example virtual host entry:
> >
> > <VirtualHost 98.158.134.24:80>
> >     ServerName admin.occ4u.org
> >     DocumentRoot /u/WEB/Misc/OCC_Admin
> >     ServerAdmin webmas...@vex.net
> >     SuexecUserGroup darcy vex
> >
> >     DBDriver pgsql
> >     DBDParams "host=localhost dbname=occ user=occ"
> >
> 
> I think the password for the user that connects to the DB should also
> be declared here like:

I have two problems with that.  I don't know all of my user's passwords
and I don't want to store clear text passwords in the configs.

> > Currently my solution is to either make the database trust any
> > connections from itself
> 
> You can make this "trust the local connections for SOME users
> including apache user". And additionally you can grant apache user
> select permissions only to the person table of the occ database.

And every other database that I need to authenticate to.  It doesn't
sound like it scales very well.  This is my current solution although I
did take it a step farther and created a view on the person tables with
just the data I needed.  The view is what I give public access to.

> > Database connections from the web site are fine since suExec runs
> > the scripts as occ.  Is there any way to make the dbd connection
> > run as occ as well?
> >
> You can run apache as occ user.

That doesn't help me authenticate the other users.  I know that I can
make this work if I have one client but I am trying to make it work for
hundreds of different users.

-- 
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:da...@vex.net
Voip: sip:da...@vex.net

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to