Enable Authentication for Postgres Users

Default postgres installation that comes with Bahmni product/Bahmni-mart doesn’t have authentication enabled. So one can use psql command line prompt without password. The major problem with this approach is, if the postgres port is open it has chances of getting misused. We don’t usually keep it open for all the ip’s but only to the specific ip’s. But as pg_hba.conf is giving that provision to allow any ip to connect to postgres database, its always a good practise to enable the authentication for all postgres user to avoid any security vulnerabilities.

There are two ways to enable authentication to psql users.

  1. Add authentication for psql users as part of fresh installation of postgres service.

  2. Enable authentication for existing psql user

The existing changes in bahmni-mart covers only the part of enabling authentication for fresh installation of postgres service

Below is the chart to that shows for which bahmni versions authentication can be enabled with bahmni-mart-playbook installation

Below is the ansible command for installing bahmni-mart

Metabase without ssl:

ansible-playbook -i /etc/bahmni-mart-playbook/inventories/bahmni-mart /etc/bahmni-mart-playbook/all.yml --extra-vars '@/etc/bahmni-mart-playbook/setup.yml' --skip-tags "custom_ssl,lets_encrypt_ssl,authentication" -vvv

Please use the above chart as reference to add/remove “authentication” tag to the --skip-tags based on the bahmni version and fresh install of the mart.

 

The Bahmni documentation is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)