NDSU CS Department Wiki

User Tools

Site Tools

Trace:
admin:processes:db_accounts

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
admin:processes:db_accounts [2017/01/19 15:36] – [Accounts] localadminadmin:processes:db_accounts [2017/03/25 23:22] (current) – [PostgreSQL (Shinji)] localadmin
Line 18: Line 18:
  
 ===== MS SQL Student Server (msdb.cs.ndsu.nodak.edu) ===== ===== MS SQL Student Server (msdb.cs.ndsu.nodak.edu) =====
-------+{{:line.png?nolink|}} 
 This server exists solely for students to use in coursework.  (Back in the Helsene Dynasty, students were using Gendo for their coursework.  Gendo is also the database used by VMware, which made us scared enough to spawn up another box.).  Every database account on this machine is a local SQL account (thus not using Windows Authentication, which seemed easiest). This server exists solely for students to use in coursework.  (Back in the Helsene Dynasty, students were using Gendo for their coursework.  Gendo is also the database used by VMware, which made us scared enough to spawn up another box.).  Every database account on this machine is a local SQL account (thus not using Windows Authentication, which seemed easiest).
  
Line 26: Line 27:
  
 ===== MS SQL (Gendo) Production Server ===== ===== MS SQL (Gendo) Production Server =====
-----+{{:line.png?nolink|}} 
 ^ Server ^ Account purpose ^ Authentication source ^ ^ Server ^ Account purpose ^ Authentication source ^
 | gendo.cs.ndsu.nodak.edu | Student account :?:| Computer Science domain | | gendo.cs.ndsu.nodak.edu | Student account :?:| Computer Science domain |
Line 99: Line 101:
  
 ===== Oracle (Asuka) ===== ===== Oracle (Asuka) =====
-----+{{:line.png?nolink|}} 
 + 
 +<color #ed1c24>Oracle accounts are now done through CCAST.</color> 
 ^ Server ^ Account purpose ^ Authentication source ^ ^ Server ^ Account purpose ^ Authentication source ^
 | asuka.cs.ndsu.nodak.edu | student/application account | Local to Oracle server | | asuka.cs.ndsu.nodak.edu | student/application account | Local to Oracle server |
Line 172: Line 177:
 Accounts can also be made using the TOra Security Manager. Users created in this way need to be given a random password, and the CSCI366 role. They also need to be given the default and temporary tablespace 'USERS' Accounts can also be made using the TOra Security Manager. Users created in this way need to be given a random password, and the CSCI366 role. They also need to be given the default and temporary tablespace 'USERS'
  
 +
 +
 + 
 + 
 ===== MySQL (Rei) ===== ===== MySQL (Rei) =====
-----+{{:line.png?nolink|}} 
 ^ Server ^ Account purpose ^ Authentication source ^ ^ Server ^ Account purpose ^ Authentication source ^
 | rei.cs.ndsu.nodak.edu | student/application account | Local to mySQL server | | rei.cs.ndsu.nodak.edu | student/application account | Local to mySQL server |
Line 198: Line 208:
  
 ** USERS THAT ALREADY HAVE ACCOUNTS WILL CAUSE ISSUES WITH THESE SCRIPTS.** Currently, users that currently have DB accounts should NOT be fed into the script, it will cause the process to fail. The script should be modified such that the DB is checked for an existing account for each user.  ** USERS THAT ALREADY HAVE ACCOUNTS WILL CAUSE ISSUES WITH THESE SCRIPTS.** Currently, users that currently have DB accounts should NOT be fed into the script, it will cause the process to fail. The script should be modified such that the DB is checked for an existing account for each user. 
 +
 +
  
 ===== PostgreSQL (Shinji) ===== ===== PostgreSQL (Shinji) =====
-----+{{:line.png?nolink|}} 
 + 
 +<color #ed1c24>Postgres hasn't been offered by the department since at least 2014 if not earlier.</color> 
 ^ Server ^ Account purpose ^ Authentication source ^ ^ Server ^ Account purpose ^ Authentication source ^
 | shinji.cs.ndsu.nodak.edu | student account | Computer Science domain | | shinji.cs.ndsu.nodak.edu | student account | Computer Science domain |
Line 219: Line 234:
 ==== Auth ==== ==== Auth ====
  
-PostgreSQL uses the file at /etc/postgresql/8.4/main/pg_hba.conf to define authentication and authorization. +PostgreSQL uses the file at /etc/postgresql/8.4/main/pg_hba.conf to define authentication and authorization. //(As of Jan 2017. postgresql 9.5)// 
  
 This file works in a method such that the first applicable match for 'type', 'database', 'host' and 'username' dictate how the user can auth. Lines should go from the most specific at the top to the most general at the bottom.  This file works in a method such that the first applicable match for 'type', 'database', 'host' and 'username' dictate how the user can auth. Lines should go from the most specific at the top to the most general at the bottom. 
Line 246: Line 261:
  
 On any modifications to pam_accounts or pg_hba.conf, you need to reload postgres.  On any modifications to pam_accounts or pg_hba.conf, you need to reload postgres. 
 +
  
admin/processes/db_accounts.1484861770.txt.gz · Last modified: by localadmin