From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Geoff Winkless <pgsqladmin(at)geoff(dot)dj> |
Cc: | pgsql-admin(at)lists(dot)postgresql(dot)org |
Subject: | Re: setting up pg_ident for peer auth with unix groups |
Date: | 2020-01-30 16:15:48 |
Message-ID: | 21561.1580400948@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Geoff Winkless <pgsqladmin(at)geoff(dot)dj> writes:
> Not sure if I'm missing something obvious but I can't see a way to set up
> pg_ident with unix groups in the username maps.
> https://www.postgresql.org/docs/12/auth-username-maps.html
> Is it possible or do I have to set up one entry for every user?
If your goal is "allow any local user who is a member of group X
to connect", you might be able to do it by setting restrictive
filesystem privileges on the postmaster's Unix-socket file. This
has some disadvantages --- notably, there's no way to override and
let selected non-group-members in too --- but it's worth considering.
See the unix_socket_group and unix_socket_permissions GUCs.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Ken Benson | 2020-01-30 16:43:59 | RE: pg_logical - for PG 9.59 running on windows server |
Previous Message | MichaelDBA | 2020-01-30 15:18:38 | Re: pg_logical - for PG 9.59 running on windows server |