[Babase] Re: Ranker security problems
Lacey Maryott
lacey.maryott at duke.edu
Mon Aug 20 09:29:48 EDT 2007
I tried to connect to ranker this morning using the (most updated?
18-Aug-2007 12:51) jnlp file which I found at
https://papio.biology.duke.edu/ranker/ . I changed the server to
papio.biology.duke.edu instead of the default papio-vpn.biology.duke.edu
like the Wiki says, and I then attempted to log in using my unix
username and password. the error I received is
"Fatal: No pg_hba.conf entry for host 152.3.185.86 user (me) database
"babase", SSL off"
Please help :(
Lacey
Karl O. Pinc wrote:
>
> On 08/18/2007 02:37:19 PM, Karl O. Pinc wrote:
>>
>> On 08/18/2007 12:05:05 PM, Jun Yang wrote:
>>> Hi guys:
>>>
>>> You *should* now be able to connect to directly from biology.duke.edu
>>> machines without using VPN. Instructions on
>>> https://papio.biology.duke.edu/babasewiki/RankerProgram
>>> have been updated to reflect this change.
>>
>> I don't _think_ that papio is allowing such connections
>> right now. I'm going to assume I've got Hunter's
>> permission and go ahead and set that up. I'll
>> write when it's working.
>
> Allright, I believe I've got papio configured to
> allow SSL encrypted connections from the Internet,
> which really means from inside the Duke (biology?)
> firewall.
>
> Note that connecting via the local network requires
> use of the _Unix_ username and password, not the
> database username and password. (Hunter, going through
> pam seems more secure. Please let me know if you want
> to do it differently.)
>
> Hunter see:
> pg_hba.conf (Turning off ssl for localhost and unix socket,
> turning on ssl for network and using pam to authenticate.)
> postgresql.conf (Listening on all network interfaces, turning on ssl.)
>
> Jun,
> I believe that the use of SSL is automatically part of
> libpq and you don't need to do anything on the application
> side to enable this. (Assuming of course that the
> appropriate compile flags were chosen when libpq was compiled.)
> I have not configured the server to require clients to have
> a signed certificate. All that's necessary is the Unix (papio/biology)
> username and password.
>
> Karl <kop at meme.com>
> Free Software: "You don't pay back, you pay forward."
> -- Robert A. Heinlein
>
> _______________________________________________
> Babase mailing list
> Babase at www.eco.princeton.edu
> http://www.eco.princeton.edu/mailman/listinfo/babase
--
Lacey Maryott
Alberts Lab
Department of Biology
Duke University
ph: 919-660-7306
fax: 919-660-7293
Lacey.Maryott at duke.edu
More information about the Babase
mailing list