Forum OpenACS Q&A: postgres and user passwords not seem to work.

users dont seem to need password in postgres 7 on red hat linux 6.2,
compiled from source.

I do an:

      alter user nsadmin with password 'whatever';

And then when I do an:

      psql -u -d mydb

      username: nsadmin
      password: NOTwhatever

IT STILL LETS ME IN ????

This should not be so should it ?

please advise, thanks

mailto:streethockey@ureach.com

My guess is that your pg_hba.conf (in debian it is in /etc/postgresql) has something like

local        all                                          trust

Then you really don't need a password to get in postgres when you're connecting from the same machine that postgres is running (although postgres will still ask for it after your username if you have -u as a flag).  This assumes that the O/S does a good job at authenticating users on the host machine.

If you want passwords to work, you need to change "trust" to something else, e.g. "password".  The file pg_hba.conf usually has notes about the authentication scheme. Or the manual.

Collapse
Posted by Don Baccus on
Jowell's right, pg_hba.conf has localhost set to trust by default.    The default copy of pg_hba.conf does indeed have a page of documentation describing how it works.  You can find it in /usr/local/pgsql/data if you've built it from source using the default makefile.
Collapse
Posted by Eric Webber on
Got it, thanks everyone, I am just bewildered
why it would default to wide open.  Easy enough to secure.
I really like postgres, it is AWESOME.
Does anyone know where a good head to head out of the box
comparison of postgres 7, oracle 8i, interbase might be ?
thanks again !
Collapse
Posted by Don Baccus on
Well ... it's only "wide-open" on the local host, and in the traditional Postgres environment (academic or departmental in a tech org) this seems reasonable.  It also makes it easy for the makefiles to run regression tests automatically on a freshly-built installation ...

The Postgres folk are loath to change default behavior that folks have grown used to.  We really need a good  security overview doc for OpenACS, and covering configuration of PG for better security should probably be in it.  We all know we need to change the default installation of most linux distros, etc so most won't be surprised at the need to diddle Postgres a bit.

As far as a head-to-head comparision, this would be an excellent little project for someone to write specifically for the ACS or other webserving environment.  IMO InterBase and PG are roughly comparable, with there being a faster improvement curve with PG (or else it would still Really Suck!), so the real question becomes "when does it make sense to shell out the bucks for Oracle?  How far can I scale with PG or InterBase?".  Things like automatic replication, better tunability (Oracle has incredible granularity in this area), etc all add up to the impression that at SOME point Oracle makes a great deal of sense, but it's hard to say "when".

Collapse
Posted by Janine Ohmer on
Another datapoint - in the default security mode, it will let you connect to a database you didn't create, but it won't let you actually do anything (ie, an attempt to "select email from users" resulted in "ERROR:  users: Permission denied.".)

I've been exploring this tonight because we need to have proper user-level security for our hosting service (which will be ready Real Soon Now tm), but turning on any type of password authentication really messes with pg_dump.  For one thing, pg_dumpall doesn't work at all.  And even if you're willing to pg_dump individual databases, you still have problems because the only way to get the username and password to pg_dump is to do something gross like this:

pg_dump database < user-pass-file > output-file

because it prompts for them on the command line.  Another problem is that the prompts themselves end up in the output file.  Altogether yucky.  So when I read this in the Postgres docs

"Each user in Postgres is assigned a username and (optionally) a password. By default, users do not have write access to databases they did not create."

I decided to try it, and lo and behold it appears that they don't have read access either.  *phew*!!!

Of course, please speak up if I'm wrong about this!  And if there's a way to use password authentication and pg_dump peacefuly, I'd love to hear it.