Layers of authentication

Hi Folks,

I am running the development server, “trytond -c /etc/tryton/tryton.conf”. I have established a profile to connect and I can see a password challenge.So far; so good.

I am confused about authentication.

I am getting a password challenge, so I conclude I have authenticated as far as plumbing is concerned, and I am talking to the database server. I am failing that password challenge, so I conclude that there is a second layer of authentication. Is there an explanation of this any where?

Is there a distinction between the “plumbing” profile and the “access” profile, meaning can everyone connect as user tryton, but then log on to the application individually as user abc?

Thanks for the help,

Chris.

Postgresql has it’s users, and tryton has separate users.
As the users are separate it is not possible to authenticate to tryton using database users.
trytond-admin and trytond need to connect to postgresql (or sqlite), by peer authentication or password.

When you log in to tryton using a client you need to provide the tryton user (username: admin), not the database user.
When the database is created you create the password for user admin, which can be used to authenticate to tryton afterwards.
So the “plumbing” (postgresql user) and “access” tryton users are separate.

I hope I am answering your question.

Yes. You are. You have completely understood, and confirmed, my metaphorical description.

So, /etc/tryton/tryton.conf uses a pgsql user – tryton, in my case – to connect to the database server, but Tryton will read Tryton users from the database, and you suggest that there should be an “Admin” user, which was put there by trytond-admin, and I remember that. So, that was my big mistake.

Thanks for the help,

Chris.

Make sure that you use admin with a lowercase a as users in tryton are case sensitive

Glad I could help!

This topic was automatically closed 12 hours after the last reply. New replies are no longer allowed.