Re: Using both ident and password in pg_hba.conf

From: John R Pierce <pierce(at)hogranch(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: Using both ident and password in pg_hba.conf
Date: 2016-05-09 20:24:21
Message-ID: 96b04007-f42f-700d-9122-411f0f506ae5@hogranch.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On 5/9/2016 1:18 PM, D'Arcy J.M. Cain wrote:
> Basically I think that pg_hba.conf is missing a feature. We can
> specify the database, the user and the address but we can't specify the
> authenticated user. When it sees this;
>
> provided user name (x) and authenticated user name (nobody) do not match
>
> I would like it to connect with user x but drop to password
> authentication.

'ident' is only secure over local 'domain' sockets, not over tcp/ip.

that said, you can use an ident user map to do what you want, this would
say '"nobody" can log on as A, B, or C'

--
john r pierce, recycling bits in santa cruz

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Adrian Klaver 2016-05-09 20:39:48 Re: Using both ident and password in pg_hba.conf
Previous Message D'Arcy J.M. Cain 2016-05-09 20:18:39 Re: Using both ident and password in pg_hba.conf