1

I am installing DSPACE which needs PostgresSQL.

Please see this link: DSPACE INSTALL

It says:

Then tighten up security a bit by editing pg_hba.conf and adding this line:

host dspace dspace 127.0.0.1 255.255.255.255 md5.

I have read on the internet as to how the above line works. It needs a connection type followed by database name/user name followed by IP address and the authentication scheme.

My question is: Should this not be a local (in place of host) connection since the dspace user is running locally?

Can someone show me step by step as to what happens when a request comes in? Where are the instructions that the dspace user will submit a request using md5?

Improve this question
1
  • 1
    This might be better asked on the sister site, DBA Stack Exchange. Commented Apr 23, 2019 at 5:47

2 Answers 2

Reset to default
2

DSpace uses JDBC, so local won't work for it. Here local means a completely different kind of inter-process connection that has nothing to do with IP and can only address local processes: Unix sockets. JDBC uses only IP, so DSpace needs a host descriptor.

That period at the end of the line is not supposed to be part of it. The documentation was unclear there -- I've fixed it.

As Laurenz Albe noted, DSpace doesn't specify that MD5 password hashes be used. The PostgreSQL server controls which methods will be tried, based on what you specify in pg_hba.conf.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

First, there is a . at the end of your pg_hba.conf line. That is a syntax error.

Whether to use local or host depends on

  • what API this DSPACE is using (JDBC, for example, allows no UNIX socket connections)

  • what connection string DSPACE is using

If you can specify a socket directory as host name, you can probably use UNIX sockets, which would be more efficient.

If DSPACE uses a driver that supports md5 authentication, the procedure is like this:

  • client sends server a connect packet with user and database

  • server requests md5 authentication and sends a random "salt" string

  • client computes an MD5 hash of the password with the salt from the server and sends the result to the server

  • server verifies that the hash is correct

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.