[freeside] fs-setup (*sigh*)

[Randall Lucas]

Hi everyone,

Just to clarify, Randall did NOT suggest removing the -i.  Randall 
suggested not permitting "trust" for "all," because if that gets left 
in the config, one day someone will just assume that Postgres was set 
up right, and they will have fallen into a gaping security hole.

Leave -i in, otherwise you can't connect via TCP/IP.

I do not advise, but state that you could put a host line in that says

host    all         all         127.0.0.1       255.255.255.255       
md5

(note, second "all" depends on postgres version; if using 7.3 use two, 
otherwise use one)

Always but always use md5, just as a matter of course.  Trust is not an 
OK way to authenticate people to your database.  That being said, read 
the PG docs and mailing lists.  This is not sufficient info for you to 
properly and securely run postgres.

Randall



On Thursday, July 10, 2003, at 04:12 PM, Lal, Deepak (Contractor) wrote:

>> Have you simply tried to connect to Postgres from a client using the
>> username and password and database name you are trying to use with 
>> freeside?
>
> Yes, I have and it works. If I use psql there is not problem to 
> connect.
> And this is exactly what is making me "mad".
>
> But as I mentioned in my previous email, if I start postmaster with 
> the "-i"
> option (allow tcp/ip connections) and put the following entry in the 
> pg_hba.conf
> file :
>
> host       all         127.0.0.1     255.255.255.255    trust
>
> Then it works and I can connect to the database using the fs-setup 
> program !!
>
> Randall suggested configuring using md5 authentication and removing 
> the "-i" and
> the "127.0.0.1 ..." entry and then trying it. I did just that and now 
> it does
> not work again.
>