[Babase] Re: Ranker security problems
Karl O. Pinc
kop at meme.com
Sun Aug 19 00:53:53 EDT 2007
On 08/18/2007 02:37:19 PM, Karl O. Pinc wrote:
>
> On 08/18/2007 12:05:05 PM, Jun Yang wrote:
>> Hi guys:
>>
>> You *should* now be able to connect to directly from biology.duke.edu
>> machines without using VPN. Instructions on
>> https://papio.biology.duke.edu/babasewiki/RankerProgram
>> have been updated to reflect this change.
>
> I don't _think_ that papio is allowing such connections
> right now. I'm going to assume I've got Hunter's
> permission and go ahead and set that up. I'll
> write when it's working.

All right, I believe I've got papio configured to
allow SSL encrypted connections from the Internet,
which really means from inside the Duke (biology?)
firewall.

Note that connecting via the local network requires
use of the _Unix_ username and password, not the
database username and password. (Hunter, going through
pam seems more secure. Please let me know if you want
to do it differently.)

Hunter, see:
pg_hba.conf (Turning off ssl for localhost and unix socket,
turning on ssl for network and using pam to authenticate.)
postgresql.conf (Listening on all network interfaces, turning on ssl.)

Jun,
I believe that the use of SSL is automatically part of
libpq and you don't need to do anything on the application
side to enable this. (Assuming of course that the
appropriate compile flags were chosen when libpq was compiled.)

I have not configured the server to require clients to have
a signed certificate. All that's necessary is the Unix (papio/biology)
username and password.

Karl <kop at meme.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
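
Added example, not part of the original message and not papio's actual configuration: a small Python check that a pg_hba.conf follows the policy described in the message (network records must be hostssl and authenticate with pam; Unix-socket and loopback records are left alone). The sample file, the function names and the way the policy is encoded are assumptions made for illustration.

```python
import ipaddress

# Constructed sample for illustration; not the actual file on papio.
SAMPLE_HBA = """\
# TYPE     DATABASE  USER  ADDRESS              METHOD
local      all       all                        ident sameuser
hostnossl  all       all   127.0.0.1/32         md5
hostssl    all       all   0.0.0.0/0            pam
host       all       all   10.0.0.0  255.0.0.0  md5
hostssl    all       all   192.168.1.0/24       trust
"""

def parse_record(line):
    """Split one record into (conn_type, network or None, auth_method)."""
    f = line.split()
    if f[0] == "local":                      # Unix socket: no address column
        return f[0], None, f[3]
    addr, rest = f[3], f[4:]
    if "/" not in addr:                      # "IP-ADDRESS IP-MASK" form
        addr, rest = addr + "/" + rest[0], rest[1:]
    return f[0], ipaddress.ip_network(addr, strict=False), rest[0]

def audit_hba(text):
    """Return (line_no, problem) for records that break the policy."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        conn_type, net, method = parse_record(line)
        if net is None or net.is_loopback:
            continue                         # socket/localhost: out of scope
        if conn_type != "hostssl":           # host and hostnossl match non-SSL
            findings.append((no, f"{conn_type} permits unencrypted network logins"))
        if method != "pam":
            findings.append((no, f"network auth method is {method}, not pam"))
    return findings

if __name__ == "__main__":
    for no, problem in audit_hba(SAMPLE_HBA):
        print(f"line {no}: {problem}")
```

The check assumes numeric addresses (CIDR or address plus netmask), the forms a pg_hba.conf of this period uses.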