| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
| Cc: | Alexey Shishkin <alexey(dot)shishkin(dot)01(at)gmail(dot)com>, "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: pg_ident.conf + regular expressions issue |
| Date: | 2024-10-21 15:49:03 |
| Message-ID: | 1565682.1729525743@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
"David G. Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> writes:
> The OP never said they were using the ident auth-method. The test involves
> peer authentication with a user name mapping file, pg_ident.conf. Not
> specifically the ident authentication type (which devolves to peer anyway
> if the connection is local).
Ah, right, -ENOCAFFEINE: I'd forgotten that "ident" is automatically
converted to "peer" for a Unix-socket connection. So that explains
the phrasing of the error message.
Given that, I don't see anything wrong with the behavior of test05.
The OS user name SMOKEYBEAR successfully matches the rule, sure,
and then the \1 says that that user can log in as role SMOKEYBEAR.
But the request is to log in as smokeybear (lower case), so it fails.
The "(?i)" option only makes the regex able to match different casings
of the OS name, it doesn't make matching of the \1 result to the
requested role name be case-insensitive.
test11 seems to be the same thing, only with actual ident auth.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | PG Bug reporting form | 2024-10-21 15:49:16 | BUG #18668: [Windows] September 2024 releases (17.0, 16.4, etc) all include older libiconv-2.dll |
| Previous Message | David G. Johnston | 2024-10-21 15:37:26 | Re: pg_ident.conf + regular expressions issue |