From: | Lars Kanis <kanis(at)comcard(dot)de> |
---|---|
To: | pgsql-hackers(at)postgresql(dot)org |
Cc: | Magnus Hagander <magnus(at)hagander(dot)net> |
Subject: | [PATCH] user mapping extension to pg_ident.conf |
Date: | 2009-06-29 13:14:27 |
Message-ID: | 200906291514.32351.kanis@comcard.de |
Lists: | pgsql-hackers |
Hi all,
this patch adds the possibility to map the login-rolename to a different
rolename actually used for permissions.
What is it used for?
I'm working with smartcard based TLS-authentication to connect to the PG
server. Authentication is done with the keys and certificates from the card
within the TLS handshake. Certificate-CN and login-username have to be the
same or have to match by the "pg_ident.conf". The role actually used for
permissions is always the login-username. This patch allows changing the
actual permissions to a role based on the certificate-CN. It is realised by
an additional column in "pg_ident.conf".
When using ODBC, you have to set up a fixed username which is used for login.
Different permissions depending on the CN of the certificate on the current
smartcard could be achieved by the following line:
    # MAPNAME   SYSTEM-USERNAME   PG-USERNAME   EFFECTIVE-USERNAME
    ssl-user    /(.*)             dummy         \1
The extension could similarly be used for Kerberos authentication, too.
By the way, I refactored the pg_ident-code a little bit to avoid duplicated code
and to allow substitution of more than one match (\2, \3 etc).
Questions (I'm quite new to the PG-sources and used to write Ruby code):
- Is this something useful - or is there a much easier way?
- Are there any implementation shortcomings?
regards
Lars Kanis
Attachment | Content-Type | Size |
---|---|---|
effective_role.patch | text/x-diff | 9.7 KB |
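
Added example, not part of the original message or the attached patch: a small Python model of the four-column mapping the message describes, resolving the role used for permissions from the certificate CN and the login name. It assumes Python's `re` in place of PostgreSQL's regex engine and first-match-wins line order; the function names and every sample line except `ssl-user` are constructed for illustration.

```python
import re

# Constructed sample in the four-column layout proposed in the message.
# The ssl-user line is the one from the post; the others are added for contrast.
SAMPLE_IDENT = r"""
# MAPNAME   SYSTEM-USERNAME  PG-USERNAME  EFFECTIVE-USERNAME
ssl-user    /(.*)            dummy        \1
ssl-strict  /^(alice|bob)$   dummy        \1
krb         /^(.*)@(.*)$     dummy        \1_\2
plain       carol            carol
"""

def parse_ident(text):
    # Returns (mapname, system_user, pg_user, effective_or_None) tuples.
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) not in (3, 4):
            raise ValueError("bad pg_ident line: %r" % line)
        entries.append(tuple(fields) + (None,) * (4 - len(fields)))
    return entries

def expand(template, match):
    # Substitute backslash-digit references with the regex capture groups.
    def repl(ref):
        idx = int(ref.group(1))
        if idx > match.re.groups:
            raise ValueError("no capture group %d" % idx)
        return match.group(idx) or ""
    return re.sub(r"\\([1-9])", repl, template)

def effective_role(entries, mapname, system_user, login_user):
    # First matching line wins; None means no line of the map allows the login.
    for name, sys_pat, pg_user, eff in entries:
        if name != mapname:
            continue
        if sys_pat.startswith("/"):
            m = re.search(sys_pat[1:], system_user)
            if m is None:
                continue
            pg_user = expand(pg_user, m)
            eff = expand(eff, m) if eff else None
        elif sys_pat != system_user:
            continue
        if pg_user == login_user:
            return eff or login_user  # three-column lines keep the login role
    return None
```

With the catch-all `/(.*)` line, a certificate CN of `postgres` (a constructed value) resolves to the effective role `postgres`, so the set of CNs the CA will issue becomes the access-control boundary. The anchored `ssl-strict` line shows the narrower form, where only listed CNs can select a role.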