Enable Authentication for Postgres Users
Default postgres installation that comes with Bahmni product/Bahmni-mart doesn’t have authentication enabled. So one can use psql command line prompt without password. The major problem with this approach is, if the postgres port is open it has chances of getting misused. We don’t usually keep it open for all the ip’s but only to the specific ip’s. But as pg_hba.conf is giving that provision to allow any ip to connect to postgres database, its always a good practise to enable the authentication for all postgres user to avoid any security vulnerabilities.
There are two ways to enable authentication to psql users.
Add authentication for psql users as part of fresh installation of postgres service.
Enable authentication for existing psql user
The existing changes in bahmni-mart covers only the part of enabling authentication for fresh installation of postgres service
Below is the chart to that shows for which bahmni versions authentication can be enabled with bahmni-mart-playbook installation
Below is the ansible command for installing bahmni-mart
Metabase without ssl:
ansible-playbook -i /etc/bahmni-mart-playbook/inventories/bahmni-mart /etc/bahmni-mart-playbook/all.yml --extra-vars '@/etc/bahmni-mart-playbook/setup.yml' --skip-tags "custom_ssl,lets_encrypt_ssl,authentication" -vvv
Please use the above chart as reference to add/remove “authentication”
tag to the --skip-tags
based on the bahmni version and fresh install of the mart.
The Bahmni documentation is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)