| From: | Albrecht Dreß <albrecht(dot)dress(at)arcor(dot)de> |
|---|---|
| To: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Q: cert authentication and user remapping fails |
| Date: | 2019-12-09 17:30:09 |
| Message-ID: | DKNHICYL.3E3IAO4T.LJ76RX5R@KBZZ5UGR.G3N4B34R.BIZ6SL56 |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Sorry for the late reply, I could test your solution only today…
Am 06.12.19 18:52 schrieb(en) Tom Lane:
> I don't think that the user name mapping feature works in the way you are hoping it does. According to https://www.postgresql.org/docs/current/auth-username-maps.html what the map does is to specify allowed combinations of the validated external user name ("Albrecht Dreß" in your example) and the database role the user asked to connect as. So given
>
> > certaccess /^.*$ testuser
>
> it should be possible to do
>
> psql -h dbserver -U testuser testdb
>
> with a certificate that has CN="Albrecht Dreß" (or anything else).
Yes, this works perfectly – I really misunderstood the docs here!
Thanks a lot for your help,
Albrecht.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | saket bansal | 2019-12-09 18:22:51 | Query with correlated join having slow performance |
| Previous Message | Andreas Kretschmer | 2019-12-09 16:02:02 | Re: Upgrade PostgreSQL 9.6 to 10.6 |