This is the mail archive of the
gnats-devel@sources.redhat.com
mailing list for the GNATS project.
Re: dbase security
>>>>> "MB" == Margaret BRIERTON <margaret@retriever.com.au> writes:
MB> Hi I've tried and changed the security on my database by
MB> restricting the IP address in the file gnatsd.conf.
MB> I also want to restrict a user to have only view access
MB> in the gnatsd.acces file.
MB> When i try and log in i get the follwing error:
MB> Error: Couldn't connect to gnats server
MB> host localhost, port 1529
MB> access denied
MB> Why is this?
You probably did not list localhost (or 127.0.0.1) in
gnatsd.conf, and have an entry of "*:deny:".
MB> Plus it seems that the userid can override the ip address
MB> ie the access file can override the conf
MB> file..............does this make sense??????????????
(The following applies to 3.113; it might have changed with 4.x)
The check for the IP address is done when the client tries to
establish the connection, i.e., before user authentication can
happen. If the access level for the client machine is "deny",
then the connection is rejected (this seems to have happened with
localhost).
If the access level for the client machine is at least "none",
then a user (or gnatsweb or some other program on behalf of the
user) gets the opportunity to log in. The access level
(permissions) of the user are the *maximum* of the access levels
granted to the client machine in gnatsd.conf and granted to the
userid in gnatsd.access.
Hans-Albert
--
Hans-Albert Schneider <Hans-Albert.Schneider@mchp.siemens.de>
Siemens AG phone: (+49) 89 636 45445
Corporate Technology fax: (+49) 89 636 42284
Munich, Germany
-- To get my public PGP key, send me a mail with subject "send key" --