Quick Links

Re: Postgresql gss user map doesn't work

From:	xujian <jamesxu(at)outlook(dot)com>
To:	Magnus Hagander <magnus(at)hagander(dot)net>
Cc:	"pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org>
Subject:	Re: Postgresql gss user map doesn't work
Date:	2015-07-01 17:36:23
Message-ID:	BAY181-W539F6B936B7C4F0DEE432EA1A80@phx.gbl
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-admin

Since we need to add user name in the command, which is not we want, I removed the map in the pg_ident.conf file, and created role xxx(at)COMPANY(dot)COM in postgresql
the pg_hba.conf looks like:host all all all gss include_realm=1
in pg_ident.conf, I removed all items
in postgresql, I create rolecreate role "xxx(at)COMPANY(dot)COM" login
I thought it would work, because my credential is xxx(at)COMPANY(dot)COM, and there was user xxx(at)COMPANY(dot)COM in postgresql, it should map the my credential to user xxx(at)COMPANY(dot)COM(dot)
however, when I login with kerberos, I got error below on server sideLOG: provided user name (xxx) and authenticated user name (xxx(at)COMPANY(dot)COM) do not matchFATAL: GSSAPI authentication failed for user "xxx"
Do anyone know why it doesn't work? thanks
JamesFrom: jamesxu(at)outlook(dot)com
To: magnus(at)hagander(dot)net
CC: pgsql-admin(at)postgresql(dot)org
Subject: Re: [ADMIN] Postgresql gss user map doesn't work
Date: Wed, 1 Jul 2015 09:09:28 -0400

Thanks Magnus, you are awesome!
James

Date: Wed, 1 Jul 2015 08:38:45 +0200
Subject: Re: [ADMIN] Postgresql gss user map doesn't work
From: magnus(at)hagander(dot)net
To: jamesxu(at)outlook(dot)com
CC: pgsql-admin(at)postgresql(dot)org

On Tue, Jun 30, 2015 at 11:37 PM, xujian <jamesxu(at)outlook(dot)com> wrote:

it looks like I need to specify the mapping user name in the command, for instance, if my credential is xxx, I want to login as user company_com_xxx, I have to run command like
/psql -d dbname -h postgresql.server.name -U company_com_xxx
but why I need to specify the mapping user name company_com_xxx in command line? does anyone have same issue? thanks

Yes, that is working as intended. You always have to tell postgres which user you want to log in with, pg_ident only allows you to authenticate with a different name, you still have to tell the system which one you want.
You can also put the username in the PGUSER environment variable if it's something you want to deploy across many users.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

In response to

Re: Postgresql gss user map doesn't work at 2015-07-01 13:09:28 from xujian

Responses

Re: Postgresql gss user map doesn't work at 2015-07-02 10:19:45 from Magnus Hagander

Browse pgsql-admin by date

	From	Date	Subject
Next Message	koff10	2015-07-01 21:00:39	Tuning on server with both running oracle and postgreSQL database
Previous Message	xujian	2015-07-01 13:09:28	Re: Postgresql gss user map doesn't work