[ckan-dev] postgres permissions

David Read david.read at okfn.org
Wed Oct 5 15:33:34 UTC 2011


On 5 October 2011 16:09, Florian Marienfeld
<florian.marienfeld at fokus.fraunhofer.de> wrote:
> Ok, thats an explanation. but that would mean that ckan in general uses
> the loopback interface right? I'm no db expert, either, but I kind of
> tend to trust the debian default config. so you are suggesting the
> default postgres config is wrong?

I'm just saying that's what I do and it works. Good point about ckan
using loopback - I'll follow it up when I get a chance.

David

>
> On 05.10.11 17:04, David Read wrote:
>> Hi Florian,
>>
>> I understand from your messages on Bitbucket that you're having
>> problems with postgres permissions.
>> https://bitbucket.org/okfn/ckan/pull-request/2/add-h-localhost-to-postgres-command-for#comment-301
>>
>> You did:
>> $ paster --plugin=ckan db dump ckan.dump --config=/etc/ckan/std/std.ini
>> which runs pg_dump like this:
>> $ pg_dump --username=std -W std > ckan.dump
>> but you get this error:
>> FATAL:  Ident authentication failed for user "std"
>>
>> Whereas you get success if you add "-h localhost" to the pg_dump command.
>>
>> The error is due to your postgres permissions setup, I believe
>> (/etc/postgresql/8.4/main/pg_hba.conf) and I suggest you fix this,
>> rather than add the loopback complexity to the command line interface
>> code.
>>
>> I'm no expert on postgres permissions, and wish I knew more about
>> them, but from what I can work out:
>>
>> If you don't specify -h then it goes straight to the postgres process
>> - Unix domain socket, known as "local" in pg_hba.conf.
>>
>> Whereas "-h localhost" uses the loopback interface and has different
>> permissions in pg_hba.conf. In my conf it is known by CIDR
>> "127.0.0.1/32".
>>
>> I hope that helps. Of course, if you can shed any more light on the
>> general area, then it would be much appreciated.
>>
>> David
>
>




More information about the ckan-dev mailing list