| From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
|---|---|
| To: | Bryn Llewellyn <bllewell(at)icloud(dot)com> |
| Cc: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, pgsql-general list <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should |
| Date: | 2022-10-29 17:14:04 |
| Message-ID: | b6bc9855-a4bb-d9a3-a60e-bf3bf6be9332@aklaver.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 10/28/22 17:23, Bryn Llewellyn wrote:
> Adrian, thank you for your reply to my « Seeking the correct term of art
> for the (unique) role that is usually called "postgres"... » thread here:
>
> It got me in without error. (And, as hoped for, there was no password
> challenge.) But "select current_role" showed that the mapping had been
> ignored and that I was connected again as "bob".
>
> *What am I doing wrong?*
You skipped over this part of my post and the documentation:
Section 21.2
"The map-name is an arbitrary name that will be used to refer to this
mapping in pg_hba.conf."
This example below id for the ident auth method but the same syntax
applies to peer.
https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
# TYPE DATABASE USER ADDRESS METHOD
host all all 192.168.0.0/16 ident
map=omicron
pg_ident.conf and pg_hba.conf are two separate files and the only way
information gets from the former to the latter is if you explicitly
include the map name under METHOD for the the auth line.
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Eagna | 2022-10-29 17:35:22 | How to add a variable to a timestamp. |
| Previous Message | jacktby@gmail.com | 2022-10-29 15:45:33 | Re: Re: Does it equal to execute "CREATE ACCESS METHOD"? |