Re: setting up pg_ident for peer auth with unix groups

From: Holger Jakobs <holger(at)jakobs(dot)com>
To: pgsql-admin(at)lists(dot)postgresql(dot)org
Subject: Re: setting up pg_ident for peer auth with unix groups
Date: 2020-01-30 12:08:52
Message-ID: a27dc52b-9878-0a66-6c16-8bc8808fd70f@jakobs.com
Lists: pgsql-admin

Hi Geoff,

No, there is no such mechanism. The ident service (it's not safe as you
probably know) only delivers the name of the user who has initiated the
TCP connection to the PG server.

This will be matched to the PG user the connection is supposed to be
established as. If they match, the respective line of pg_hba.conf might
grant access.

pg_ident.conf can be used to match system usernames (of the client
machine) to PG usernames.

The /etc/group file which technically could be accessed by PG processes
resides on the server and thus could be very different from the one on
the client machine. Plus, the system username used on the client machine
may not even exist on the server, nor does the PG username have to exist
as a system username on client or server.

Therefore, using Unix groups wouldn't make much sense.

Regards,

Holger

On 30.01.20 at 12:59, Geoff Winkless wrote:
> Hi
>
> Not sure if I'm missing something obvious but I can't see a way to set
> up pg_ident with unix groups in the username maps.
>
> https://www.postgresql.org/docs/12/auth-username-maps.html
>
> Is it possible or do I have to set up one entry for every user?
>
> Ta
>
> Geoff
--

Holger Jakobs, Bergisch Gladbach
instant messaging: xmpp:holger(at)jakobs(dot)com
+49 178 9759012 or +49 2202 817157
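
Added example, not part of the original message or of PostgreSQL itself: since pg_ident.conf has no group syntax, the one-line-per-user map can be generated from a group's membership. It assumes peer authentication on a local socket, so the server's own group and passwd data describe the connecting users; the map name `grp_dbusers`, the role `app_rw` and the sample file contents are constructed for illustration.

```python
import re

# Conservative login-name pattern. It rejects names starting with "/", which
# pg_ident.conf would interpret as a regular expression, and any whitespace.
SAFE_NAME = re.compile(r"[a-z_][a-z0-9_-]*")

def group_members(group, group_text, passwd_text):
    """Members of `group`: supplementary members listed in the group file
    plus users whose primary GID in the passwd file is that group's GID."""
    gid, members = None, set()
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == group:
            gid = fields[2]
            members.update(m for m in fields[3].split(",") if m)
    if gid is None:
        raise KeyError(f"no such group: {group}")
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and fields[3] == gid:
            members.add(fields[0])
    return sorted(members)

def ident_map_lines(map_name, pg_role, members):
    """One 'map-name system-username database-username' line per member."""
    lines = []
    for user in members:
        if not SAFE_NAME.fullmatch(user):
            raise ValueError(f"refusing unsafe system username: {user!r}")
        lines.append(f"{map_name}\t{user}\t{pg_role}")
    return lines

# Constructed sample data, not taken from any real host.
SAMPLE_GROUP = "root:x:0:\ndbusers:x:1500:alice,bob\nstaff:x:50:bob\n"
SAMPLE_PASSWD = (
    "alice:x:1001:1001::/home/alice:/bin/sh\n"
    "bob:x:1002:50::/home/bob:/bin/sh\n"
    "carol:x:1003:1500::/home/carol:/bin/sh\n"  # primary group is dbusers
)

if __name__ == "__main__":
    members = group_members("dbusers", SAMPLE_GROUP, SAMPLE_PASSWD)
    # The matching pg_hba.conf line would be: local all all peer map=grp_dbusers
    print("\n".join(ident_map_lines("grp_dbusers", "app_rw", members)))
```

The generated lines have to be regenerated whenever group membership changes, followed by a configuration reload.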
