On Sat, Jul 01, 2006 at 01:50:00PM +0200, Sven Hartge wrote:
> At 05:11 on 01.07.06, John Goerzen wrote:
>
> > password for use with MD5 on install time as well.
>
> I see two problems here:
>
> a) debconf allows the user to use "ident sameuser", but this cannot work
>    without manually changing the init-script or putting a
>
>      local bacula bacula trust sameuser
>
>    into pg_hba.conf (which is of course totally insecure).
>
>    So please remove this option from the package.

I can't; that prompt comes from dbconfig-common. I don't think it is wrong of it to offer this anyway. As I said, you could put in a map. Obviously "trust sameuser" is bad, but you could put in a map so it could trust root.

> b) "ident sameuser" is the only method configured for "local" type
>    connections using the unix socket of postgres. While _I_ am perfectly
>    able to reconfigure postgres to also require md5 when using the
>    socket, other users might expect bacula and postgres to just work out
>    of the box (which it does with mysql or sqlite).

When I tried it with md5, it seemed perfectly happy to work in that way. Have you tried it on your system?

>    So please change the package to use "host"-type connections which are
>    already configured to use md5 and remove the option to use the ident
>    method.

As I said, this package uses dbconfig-common for configuration, so this setup is out of my hands. However, if you do supply a password, dbconfig-common seems to me to be smart enough to Do The Right Thing.

I could add a debconf note before calling dbconfig-common that using ident alone will require an identmap.

-- John
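
An added example, not part of the original message or of the bacula or dbconfig-common packages: a small Python check that compares the alternatives discussed above ("trust", "ident sameuser", ident with a map, md5) using the pg_hba.conf syntax quoted in the thread. The map name `baculamap`, the sample file contents and the assumption that the daemon connects as OS user root are constructed for illustration.

```python
# Constructed samples in the pg_hba.conf syntax quoted in the thread:
# the word after "ident" names a map; "sameuser" is the built-in one.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER     [CIDR-ADDRESS]  METHOD [OPTION]
local   all       postgres                 ident sameuser
local   bacula    bacula                   trust sameuser
local   bacula    bacula                   ident baculamap
host    all       all      127.0.0.1/32    md5
"""
# pg_ident.conf columns: MAPNAME  IDENT-USERNAME  PG-USERNAME
SAMPLE_IDENT = "baculamap  root  bacula\n"   # hypothetical map name

def parse_ident(text):
    """Return the set of (mapname, os_user, pg_user) entries."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return {tuple(r) for r in rows if len(r) == 3}

def audit(hba_text, ident_text, os_user, db, pg_user):
    """Classify every rule that matches (db, pg_user) for a given OS user.

    PostgreSQL itself applies only the first matching rule; all matches
    are listed here so each alternative from the thread can be compared.
    """
    maps = parse_ident(ident_text)
    findings = []
    for lineno, line in enumerate(hba_text.splitlines(), 1):
        f = line.split("#", 1)[0].split()
        if not f or f[0] not in ("local", "host"):
            continue
        m = 3 if f[0] == "local" else 4   # host rules carry an address field
        if len(f) <= m:
            continue
        if f[1] not in ("all", db) or f[2] not in ("all", pg_user):
            continue
        method, option = f[m], (f[m + 1] if len(f) > m + 1 else None)
        if method == "trust":
            verdict = "INSECURE: no authentication"
        elif method == "ident" and option == "sameuser":
            verdict = "ok" if os_user == pg_user else "FAILS: OS user is not the DB user"
        elif method == "ident":
            ok = (option, os_user, pg_user) in maps
            verdict = "ok" if ok else "FAILS: no entry in map %s" % option
        else:
            verdict = "password required (%s)" % method
        findings.append((lineno, f[0], verdict))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE_HBA, SAMPLE_IDENT, "root", "bacula", "bacula"):
        print(row)
```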