| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Geoff Winkless <pgsqladmin(at)geoff(dot)dj> |
| Cc: | pgsql-admin(at)lists(dot)postgresql(dot)org |
| Subject: | Re: setting up pg_ident for peer auth with unix groups |
| Date: | 2020-01-30 16:15:48 |
| Message-ID: | 21561.1580400948@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Geoff Winkless <pgsqladmin(at)geoff(dot)dj> writes:
> Not sure if I'm missing something obvious but I can't see a way to set up
> pg_ident with unix groups in the username maps.
> https://www.postgresql.org/docs/12/auth-username-maps.html
> Is it possible or do I have to set up one entry for every user?
If your goal is "allow any local user who is a member of group X
to connect", you might be able to do it by setting restrictive
filesystem privileges on the postmaster's Unix-socket file. This
has some disadvantages --- notably, there's no way to override and
let selected non-group-members in too --- but it's worth considering.
See the unix_socket_group and unix_socket_permissions GUCs.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ken Benson | 2020-01-30 16:43:59 | RE: pg_logical - for PG 9.59 running on windows server |
| Previous Message | MichaelDBA | 2020-01-30 15:18:38 | Re: pg_logical - for PG 9.59 running on windows server |