 | | | Si l'on choisit d'utiliser Postgresql, il y a plusieurs à
faire pour que cela fonctionne. Tout d'abord, les drivers jdbc de
Postgresql sont d'un type qui utilise
forcément un accès réseau à la base même si l'application
utilisant celui-ci se trouve sur la même machine que la base ( via
localhost ou 127.0.0.1 ). Il faut donc activer le mode réseau de
Postgresql. Il s'agit en fait d'un
paramètre de postmaster. Il s'agit plus
particulièrement de l'option -i. Pour ce faire, il suffit d'éditier le fichier
/etc/postgresql/postmaster.conf et de mettre dans
la variable POSTMASTER_OPTIONS, "-i". # /etc/postgresql/postmaster.conf
#
# Copyright (c) Oliver Elphick 1997, 2001
# Part of the Debian package, postgresql. The Debian packaging is
# licensed under GPL v.2
#
# This is the configurable initialisation of the postgresql package
# The defaults are shown, but are commented out.
#
# As of release 7.1, many parameters may now be found in
# /etc/postgresql/postgresql.conf. To avoid confusion, these can
# no longer be set here, even though the command line options that
# used to control them do still exist.
#
POSTGRES_HOME=`getent passwd postgres | awk -F: '{print $6}' | head -1`
if [ -z "$POSTGRES_HOME" ]
then
POSTGRES_HOME=/var/lib/postgres
fi
# Where to find the PostgreSQL database files, including those that
# define PostgresSQL users and permissions.
# POSTGRES_DATA=/var/lib/postgres/data
# Any special options to pass to the postmaster through pg_ctl's -o option.
# This may include such options as "-h hostname", for which there is no
# parameter defined. However most options can be set by editing
# postgresql.conf appropriately.
POSTMASTER_OPTIONS="-i"
# Minimum number of entries in the kernel file table. If the table size is
# lower, postgresql.startup attempts to increase it by writing this parameter
# into /proc/sys/kernel/file-max. This is only effective if the kernel has
# been compiled to support run-time configuration.
# KERNEL_FILE_MAX=1032
# Where to send logging and debugging traces. By default, very little
# should appear here, because SYSLOG is set to 2 in postgresql.conf, so
# that all messages are sent to syslog only.
#
# If you change this, remember to change /etc/logrotate.d/postgresql too.
# POSTGRES_LOG=/var/log/postgresql/postgres.log |
Dans un deuxième temps, il faut définir la manière dont on va
s'authentifier à Postgresql en fonction
de la manière dont on y accède. Ceci se configure dans le fichier
/etc/postgresql/pg_hba.conf. On va considérer que
si on essaie via le réseau ( dans notre cas, en jdbc ), Postgresql
fera un authentification avec mot de passe et si on y accède en local,
l'authentification se fera par rapport à l'utilisateur unix
que l'on utilise. # PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the PostgreSQL Administrator's Guide, chapter "Client
# Authentication" for a complete description. A short synopsis
# follows.
#
# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
# databases they can access. Records take one of three forms:
#
# local DATABASE USER METHOD [OPTION]
# host DATABASE USER IP-ADDRESS IP-MASK METHOD [OPTION]
# hostssl DATABASE USER IP-ADDRESS IP-MASK METHOD [OPTION]
#
# (The uppercase quantities should be replaced by actual values.)
# DATABASE can be "all", "sameuser", "samegroup", a database name (or
# a comma-separated list thereof), or a file name prefixed with "@".
# USER can be "all", an actual user name or a group name prefixed with
# "+" or a list containing either. IP-ADDRESS and IP-MASK specify the
# set of hosts the record matches. METHOD can be "trust", "reject",
# "md5", "crypt", "password", "krb5", "ident", or "pam". Note
# that "password" uses clear-text passwords; "md5" is preferred for
# encrypted passwords. OPTION is the ident map or the name of the PAM
# service.
#
# This file is read on server startup and when the postmaster receives
# a SIGHUP signal. If you edit the file on a running system, you have
# to SIGHUP the postmaster for the changes to take effect, or use
# "pg_ctl reload".
# Put your actual configuration here
# ----------------------------------
#
# This default configuration allows any local user to connect as himself
# without a password, either through a Unix socket or through TCP/IP; users
# on other machines are denied access.
#
# If you want to allow non-local connections, you need to add more
# "host" records before the final line that rejects all TCP/IP connections.
# Also, remember TCP/IP connections are only enabled if you enable
# "tcpip_socket" in /etc/postgresql/postgresql.conf.
# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
# DO NOT DISABLE!
# If you change this next entry you will need to make sure the postgres user
# can access the database using some other method. The postgres user needs
# non-interactive access to all databases during automatic maintenance
# (see the vacuum command and the /usr/lib/postgresql/bin/do.maintenance
# script).
local all postgres ident sameuser
host all postgres 127.0.0.1 255.255.255.255 password
host all postgres localhost 255.255.255.255 password
local all all ident sameuser
host all all 127.0.0.1 255.255.255.255 password
host all all 0.0.0.0 0.0.0.0 reject |
| |
| | |
|
