On 5/9/2016 1:18 PM, D'Arcy J.M. Cain wrote:
> Basically I think that pg_hba.conf is missing a feature. We can
> specify the database, the user and the address but we can't specify the
> authenticated user. When it sees this;
>
> provided user name (x) and authenticated user name (nobody) do not match
>
> I would like it to connect with user x but drop to password
> authentication.
'ident' is only secure over local 'domain' sockets, not over tcp/ip.
that said, you can use an ident user map to do what you want, this would
say '"nobody" can log on as A, B, or C'
--
john r pierce, recycling bits in santa cruz