From: | rob stone <floriparob(at)gmail(dot)com> |
---|---|
To: | techmail+pgsql(at)dangertoaster(dot)com, pgsql-general(at)postgresql(dot)org |
Subject: | Re: pg_ident mapping Kerberos Usernames |
Date: | 2017-09-11 13:51:38 |
Message-ID: | 1505137898.4583.5.camel@gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
> >
>
> Hi Rob,
>
> How would that work? I was under the impression the first column was
> for socket type and limited to
> local, host, hostssl, and hostnossl?
>
> Thunderbird's config has been fixed, so here is the line from
> pg_hba.conf line without the
> formatting issues:
>
> host all all 192.168.1.0/24 gss include_realm=1 map=testnet
> krb_realm=A.DOMAIN.TLD
>
>
> Thanks,
> Ryan
Hello Ryan,
I'm probably incorrect about this as I don't use pg_ident but my
understanding is that each line in pg_ident consists of three fields
being:-
mask-name external-credentials internal-credentials
so that the external log-on is converted to its Postgres log-on and
then the mask-name is used to find a line in pg_hba.conf to verify that
the external-credentials were submitted from an allowable IP address.
Maybe somebody more knowledgeable than myself could provide a better
example.
Cheers,
Rob
From | Date | Subject | |
---|---|---|---|
Next Message | Dave Florek | 2017-09-11 14:02:45 | Needing verification on instructions for streaming replication |
Previous Message | Thomas Güttler | 2017-09-11 13:25:26 | Final pg_dumpall should happen in Single-User-Mode |