Re: Postgresql gss user map doesn't work

From: xujian <jamesxu(at)outlook(dot)com>
To: "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Postgresql gss user map doesn't work
Date: 2015-06-30 21:37:55
Message-ID: BAY181-W67BE66578274EEDB49C47DA1A90@phx.gbl
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

it looks like I need to specify the mapping user name in the command, for instance, if my credential is xxx, I want to login as user company_com_xxx, I have to run command like
/psql -d dbname -h postgresql.server.name -U company_com_xxx
but why I need to specify the mapping user name company_com_xxx in command line? does anyone have same issue? thanks
JamesFrom: jamesxu(at)outlook(dot)com
To: pgsql-admin(at)postgresql(dot)org
Subject: Postgresql gss user map doesn't work
Date: Tue, 30 Jun 2015 12:56:47 -0400

Hello, I have a problem when I am using gss map. I want to map the user xxx(at)company(dot)com to db role company_com_xxxhere is my pa_hba.conf:=================# TYPE DATABASE USER ADDRESS METHODhost all all all gss include_realm=1 map=mymap
here is the pg_ident.conf=================# MAPNAME SYSTEM-USERNAME PG-USERNAMEmymap /(.*)@COMPANY.COM company_com_\1
However, it doesn't work, I got error message=================LOG: no match in usermap "mymap" for user "xxx" authenticated as "xxx(at)COMPANY(dot)COM"FATAL: GSSAPI authentication failed for user "xxx"DETAIL: Connection matched pg_hba.conf line 88: "host all all all gss include_realm=1 map=mymap"

but if I changed the map to =================# MAPNAME SYSTEM-USERNAME PG-USERNAMEmymap /(.*)@COMPANY.COM \1
then I can login, I have created role xxx and company_com_xxx in db side. even if I hard code the username in the mapping like=================# MAPNAME SYSTEM-USERNAME PG-USERNAMEmymap /(.*)@COMPANY.COM company_com_xxx
it still doesn't work. any idea?
Thanks in advance!
James

In response to

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Scott Whitney 2015-06-30 21:56:54 Re: Postgresql gss user map doesn't work
Previous Message David G. Johnston 2015-06-30 20:17:42 Re: SUM all timeelapse WHERE timetype = 'Break' but only the rows that are after(below) timetype = 'Start'