Re: pg_ident.conf + regular expressions issue

Dear all,

Thank you for your prompt reply !

Some clarifications regarding the tests:
- I did "pg_ctl reload" after changing config files
- test01-test06 are really about 'peer' authentication instead of 'ident'
authentication
- so, lets concentrate on test07-test12

Let me rephrase my question about regular expressions + pg_ident.conf:
- why test09 is successful, while test10 fails ?

best regards,
Alexey Shishkin
alexey(dot)shishkin(dot)01(at)gmail(dot)com

On Mon, Oct 21, 2024 at 5:49 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> "David G. Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> writes:
> > The OP never said they were using the ident auth-method. The test
> involves
> > peer authentication with a user name mapping file, pg_ident.conf. Not
> > specifically the ident authentication type (which devolves to peer anyway
> > if the connection is local).
>
> Ah, right, -ENOCAFFEINE: I'd forgotten that "ident" is automatically
> converted to "peer" for a Unix-socket connection. So that explains
> the phrasing of the error message.
>
> Given that, I don't see anything wrong with the behavior of test05.
> The OS user name SMOKEYBEAR successfully matches the rule, sure,
> and then the \1 says that that user can log in as role SMOKEYBEAR.
> But the request is to log in as smokeybear (lower case), so it fails.
> The "(?i)" option only makes the regex able to match different casings
> of the OS name, it doesn't make matching of the \1 result to the
> requested role name be case-insensitive.
>
> test11 seems to be the same thing, only with actual ident auth.
>
> regards, tom lane
>