From: | "Peter J(dot) Holzer" <hjp-pgsql(at)hjp(dot)at> |
---|---|
To: | pgsql-general(at)lists(dot)postgresql(dot)org |
Subject: | Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should |
Date: | 2022-10-30 09:47:39 |
Message-ID: | 20221030094739.f3ihp3hy7xiileyh@hjp.at |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 2022-10-29 20:38:07 -0700, David G. Johnston wrote:
> Next, I put an identity mapping in for "mary" in "pg_ident.conf" thus:
>
> # MAPNAME SYSTEM-USERNAME PG-USERNAME
> # ------- --------------- -----------
> bllewell mary mary
>
>
> As has been said numerous times, it is utterly pointless to define a mapping
> like this - you get mary-is-mary for free just by saying peer.
If this is the only line in pg_ident.conf I agree. But identity mappings
do serve a purpose. Consider this excerpt from one of our database
clusters:
localusers hjp hjp
localusers hjp wdsimp
localusers hjp wdsro
localusers hjp wdsacct
It says that I can login as hjp, wdsimp, wdsro and wdsacct without a
password. If the first entry wasn't there I wouldn't be able to log in
as myself.
> It is not possible to make an alias mapping work without specifying "-U" on the
> psql command line. Period. The -U is precisely how you tell the server you
> are using an alias - without it the server expects that the o/s user is logging
> in using their own name as the requested login role.
I think that's not quite correct. The -U option affects which user name
psql uses to connect to the server. It is psql which defaults to the
OS user name in the absence of the -U option (or the PGUSER environment
variable). The server has nothing to do with it.
hp
--
_ | Peter J. Holzer | Story must make more sense than reality.
|_|_) | |
| | | hjp(at)hjp(dot)at | -- Charles Stross, "Creative writing
__/ | http://www.hjp.at/ | challenge!"
From | Date | Subject | |
---|---|---|---|
Next Message | Peter J. Holzer | 2022-10-30 09:50:00 | Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should |
Previous Message | Adrian Klaver | 2022-10-30 04:15:08 | Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should |