Re: confusion about user paring with pg_hba and pg_ident

From: Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>
To: arnaud gaboury <arnaud(dot)gaboury(at)gmail(dot)com>
Cc: "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject: Re: confusion about user paring with pg_hba and pg_ident
Date: 2016-10-13 13:45:50
Message-ID: 52be163d-44bc-bd8e-2958-5af1b157c749@aklaver.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On 10/12/2016 08:57 AM, arnaud gaboury wrote:
>
>
> On Wed, Oct 12, 2016 at 3:41 PM Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com

>
>
>
> So other then adding the mapping for the dovecot user, did anything else
>
> change?
>
> after a little bit of cleaning and a change in my Postgres username (now
> postgres username == unix user), the various commands to connect are
> working.
>
> Now I want to be sure to have correctly understood the mapping story.
> Say root is running myApp, and at one point, myApp is poling a
> postgresql DB as user myUser.
> Run myApp as root:
> # myApp
>
> Do I have to add an entry in pg_ident to map linux user root to Postgres
> myUser ? Or the command above will be enough with no entries in pg_ident
> or pg_hba ?

The answer depends on what result you are trying to achieve.

Are you trying to restrict access to a database by Postgres user only,
regardless of who they logged into the system as?

Or do you want to restrict access based on their system user login as well?

If not the above, what are your criteria for determining who can log in
to the database?

>
> TY for your time.
>

--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Tom Lane 2016-10-13 14:07:20 Re: Passing of where clause to remote table in FDW
Previous Message Jaisingkar, Piyush 2016-10-13 13:29:33 Passing of where clause to remote table in FDW