Re: applicable mapping for clientcert=verify-full

From: Tilman Koschnick <til+pg(at)subnetz(dot)org>
To: pgsql-admin(at)lists(dot)postgresql(dot)org
Subject: Re: applicable mapping for clientcert=verify-full
Date: 2021-03-12 08:59:38
Message-ID: 23f8e02c904b1101fbcc1b91a9b299e5367f663b.camel@subnetz.org
Lists: pgsql-admin

On Thu, 2021-03-11 at 21:06 +0100, Tilman Koschnick wrote:
> How do I specify the applicable mapping in that case?

I've dug in a bit further. Since the clientcert option is allowed for
all auth methods, I worked on the assumption that the map option should
also be accepted for all methods, and removed the corresponding check:

--- postgresql-13-13.2.orig/src/backend/libpq/hba.c
+++ postgresql-13-13.2/src/backend/libpq/hba.c
@@ -1678,12 +1678,6 @@ parse_hba_auth_opt(char *name, char *val

if (strcmp(name, "map") == 0)
{
- if (hbaline->auth_method != uaIdent &&
- hbaline->auth_method != uaPeer &&
- hbaline->auth_method != uaGSS &&
- hbaline->auth_method != uaSSPI &&
- hbaline->auth_method != uaCert)
- INVALID_AUTH_OPTION("map", gettext_noop("ident, peer, gssapi, sspi, and cert"));
hbaline->usermap = pstrdup(val);
}
else if (strcmp(name, "clientcert") == 0)
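
Review bot: Dropping the whole auth_method test in the "map" branch means map= is now accepted and stored in hbaline->usermap for every method, including ones outside the ident, peer, gssapi, sspi, cert list even when no clientcert option is given, so a mapping that may never be consulted would pass without an error. A narrower change would keep INVALID_AUTH_OPTION for that case and allow the other methods only when clientcert=verify-full is set; because clientcert is handled in a separate branch of this per-option function, that test would have to run once all options on the line have been parsed rather than here. The message text "ident, peer, gssapi, sspi, and cert" and any documentation that repeats that list would need updating to match.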

With this change in place, the mapping works for me, with apparently no
ill effects. The build is passing all tests as well.

Should I report this as a bug?

Regards, Til
