| From: | rob stone <floriparob(at)gmail(dot)com> |
|---|---|
| To: | techmail+pgsql(at)dangertoaster(dot)com, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: pg_ident mapping Kerberos Usernames |
| Date: | 2017-09-11 13:51:38 |
| Message-ID: | 1505137898.4583.5.camel@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
> >
>
> Hi Rob,
>
> How would that work? I was under the impression the first column was
> for socket type and limited to
> local, host, hostssl, and hostnossl?
>
> Thunderbird's config has been fixed, so here is the line from
> pg_hba.conf line without the
> formatting issues:
>
> host all all 192.168.1.0/24 gss include_realm=1 map=testnet
> krb_realm=A.DOMAIN.TLD
>
>
> Thanks,
> Ryan
Hello Ryan,
I'm probably incorrect about this as I don't use pg_ident but my
understanding is that each line in pg_ident consists of three fields
being:-
mask-name external-credentials internal-credentials
so that the external log-on is converted to its Postgres log-on and
then the mask-name is used to find a line in pg_hba.conf to verify that
the external-credentials were submitted from an allowable IP address.
Maybe somebody more knowledgeable than myself could provide a better
example.
Cheers,
Rob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Florek | 2017-09-11 14:02:45 | Needing verification on instructions for streaming replication |
| Previous Message | Thomas Güttler | 2017-09-11 13:25:26 | Final pg_dumpall should happen in Single-User-Mode |