CLEANACCESS Archives

February 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: postgres changes
From:
"Rajesh Nair (rajnair)" <[log in to unmask]>
Reply To:
Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date:
Wed, 22 Feb 2006 14:17:05 -0800
Content-Type:
text/plain
Parts/Attachments:
text/plain (79 lines) 
Folks,

I have to say this - please avoid modifying the DB or access to the DB.
There are some remote threats that Postgres is vulnerable to that might
affect you.  You could affect the functioning of the DB and the perfigo
service negatively.  And most importantly, TAC will not support you if
they know that access to DB or the DB itself have been modified in some
way.  

I had to recently work with a customer who had installed a Postgres
admin utility which broke the DB syncing and failover.  And TAC was not
supportive at all of this.  And to be fair to them, they have very good
reasons to take that approach.  They were working with this customer for
quite a while before realizing (or before being told) that the customer
had tried to install a utility. 

That said, can you explain what is lacking in the API - please make
feature requests w.r.t. the API.  We will slowly but surely add
additional APIs.  In this specific case, are you looking for all MAC
addresses that belong to a particular role?  Are you looking for Online
Users in the Temporary Role or Quarantine role?  What is the specific
thing you are trying to do?

-Rajesh. 

-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Joyce, Todd N
Sent: Wednesday, February 22, 2006 12:52 PM
To: [log in to unmask]
Subject: Re: postgres changes

ps -ae | grep post
  748 ?        00:00:00 postmaster
  750 ?        00:00:00 postmaster

kill -1 748

Todd Joyce
Network Services
Radford University - The Smart Choice
[log in to unmask]
(540) 831-7777
 
Keep your boots and ChapStick and ice hotels.
Give me shorts and sandals and a thirty-blocker.

Temperance Brennan - Monday Mourning
-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Lanstein, Alex C
Sent: Wednesday, February 22, 2006 12:33 PM
To: [log in to unmask]
Subject: postgres changes

Well, I've found the API to be inadequate for what I'm trying to do
(make a page where our help desk can see what users are blocked).  So,
I'm going to query the database directly.  I know I need to make the
permission changes in pg_hba.conf, and to do that I have to edit the
make-pg_hba_conf.pl script.  I

I did that, but I know I have to restart the perfigo service.  Tom, from
this list, said he just did a /etc/init.d perfigo restart and his
changes took effect, but when I did that something didn't start up
properly and it was throwing license errors like mad.  I didn't have a
chance to look into it, since I had just taken down the dorm's abilities
to login temporarily, so I had to restart it quickly.  My changes took
effect once I rebooted, but I'd like to know just how to restart the
postgres service (the 'perfigo way'... /sbin/service postgres restart
borked it too) without rebooting.  I set a fairly unrestrictive set of
mapping rules to the db and I'd like to lock it down a little more with
the ident stuff postgres does as well.

Any thoughts?

Thanks in advance,

Alex Lanstein

ATOM RSS1 RSS2