Re: confusion about user paring with pg_hba and pg_ident

On 10/12/2016 01:30 AM, arnaud gaboury wrote:
>
>
> On Tue, Oct 11, 2016 at 4:20 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us
> <mailto:tgl(at)sss(dot)pgh(dot)pa(dot)us>> wrote:
>
> arnaud gaboury <arnaud(dot)gaboury(at)gmail(dot)com
> <mailto:arnaud(dot)gaboury(at)gmail(dot)com>> writes:
>
> > I am a little confused about some of my settings when it comes to map
>
> > linux/psql users.
>
>
>
> I think you're misunderstanding what the user-mapping stuff does.
>
> It does not silently translate the username in the connection request
>
> to something else; rather, it checks whether a user having the given
>
> external name is allowed to log in as a particular Postgres user.
>
> So there's nothing particularly wrong with your config files, but your
>
> expectation about how your Linux users should log in to the database is
>
> mistaken. dovecot needs to specify that it wants to log in as mailman,
>
> and likewise mattermost needs to specify mmuser.
>
>
>
> If it's not practical to make the client applications send non-default
>
> user names, you'll need to rename the Postgres roles to match the
> external user names.
>
>
> Tom,
>
> thank you for this point. I am not sure to understand the last part:
> <rename the Postgres roles to match the external user names>. Do you
> mean best would be for dovecot to log in as dovecot Postgres user, and
> mattermost as mattermost Postgres user ?
> Thank you for precising.

Yes, that was Tom was getting at. Create dovecot and mattermost
roles(users) in Postgres.

>
> .
>
>
>
>
> regards, tom lane
>

--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com