Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

On 2022-10-29 20:38:07 -0700, David G. Johnston wrote:
> Next, I put an identity mapping in for "mary" in "pg_ident.conf" thus:
>
> # MAPNAME    SYSTEM-USERNAME   PG-USERNAME
> # -------    ---------------   -----------
>   bllewell   mary              mary
>
>
> As has been said numerous times, it is utterly pointless to define a mapping
> like this - you get mary-is-mary for free just by saying peer.

If this is the only line in pg_ident.conf I agree. But identity mappings
do serve a purpose. Consider this excerpt from one of our database
clusters:

localusers hjp hjp
localusers hjp wdsimp
localusers hjp wdsro
localusers hjp wdsacct

It says that I can login as hjp, wdsimp, wdsro and wdsacct without a
password. If the first entry wasn't there I wouldn't be able to log in
as myself.

> It is not possible to make an alias mapping work without specifying "-U" on the
> psql command line.  Period.  The -U is precisely how you tell the server you
> are using an alias - without it the server expects that the o/s user is logging
> in using their own name as the requested login role.

I think that's not quite correct. The -U option affects which user name
psql uses to connect to the server. It is psql which defaults to the
OS user name in the absence of the -U option (or the PGUSER environment
variable). The server has nothing to do with it.

hp

--
_ | Peter J. Holzer | Story must make more sense than reality.
|_|_) | |
| | | hjp(at)hjp(dot)at | -- Charles Stross, "Creative writing
__/ | http://www.hjp.at/ | challenge!"