
SF.net SVN: ledger-smb:[4703] branches/1.3/INSTALL



Revision: 4703
          http://ledger-smb.svn.sourceforge.net/ledger-smb/?rev=4703&view=rev
Author:   einhverfr
Date:     2012-05-09 03:52:11 +0000 (Wed, 09 May 2012)
Log Message:
-----------
Added instructions for the pg_hba.conf bit of the install

Modified Paths:
--------------
    branches/1.3/INSTALL

Modified: branches/1.3/INSTALL
===================================================================
--- branches/1.3/INSTALL	2012-05-08 10:53:06 UTC (rev 4702)
+++ branches/1.3/INSTALL	2012-05-09 03:52:11 UTC (rev 4703)
@@ -66,14 +66,39 @@
 pg_hba.conf settings for production
 -----------------------------------
 
-<section to be filled out>
+LedgerSMB passes through the HTTP auth info to PostgreSQL as user
+credentials.  Currently we do not support Kerberos auth but that won't
+be hard to add once someone wants it (maybe a couple hours of
+development time).  Consequently, you should be aware of a couple of
+things:
 
-pg_hba.conf settings during setup (tools/prepare-company-database.sh)
----------------------------------------------------------------------
+1)  Re-usable credentials are required.  That basically means HTTP
+Basic unless you want to set up Kerberos.  As a result you will
+certainly want to run this over SSL if this is not a single system
+operation (which in your cases it is not).
 
-<section to be filled out>
+2)  This also means that PostgreSQL must be able to use the
+credentials the web server accepts.  Currently we recommend the md5
+authentication method in the pg_hba.conf.  If you set pg_hba.conf
+options to trust, then it won't even check the password or the
+password expiration, so don't do that outside of testing/recovery
+scenarios.
 
+3)  The postgres user or other db superuser must be given access via
+the web app in order to create databases.
 
+A typical pg_hba.conf entry might be:
+
+host   all   all   127.0.0.1/32    md5
+
+If you want to lock this down, you can lock it down further by:
+host   lsmbdb  all  127.0.0.1/32    md5
+host   template1 postgres 127.0.0.1/32    md5
+host  postgres postgres  127.0.0.1/32    md5
+
+Note that the above will require new pg_hba.conf lines for each db created.
+
+
 Installing Perl module dependencies
 ===================================
 
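Review bot: In a section titled "pg_hba.conf settings for production", the entry offered as typical is "host   all   all   127.0.0.1/32    md5", which lets every role reach every database, while the per-database form is presented only as an optional extra. Since item 3 says the postgres user or another db superuser has to be reachable through the web app, I would make the restricted lines the recommended production entry and describe the all/all line as the convenient alternative, keeping the note that each new database needs its own line. Two smaller points: the parenthetical in item 1, "(which in your cases it is not)", addresses one particular reader and should be reworded for a general INSTALL file, for example "if the browser and the server are not on the same machine". The hunk also deletes the "pg_hba.conf settings during setup (tools/prepare-company-database.sh)" heading along with its placeholder, so either keep a short setup section or say in the text that item 3 covers database creation. A blank line after "you can lock it down further by:" and consistent column spacing in the three host lines would match the formatting of the first example.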
