|
Hello, I have a problem when I am using gss map. I want to map the user xxx@xxxxxxxxxxx to db role company_com_xxx here is my pa_hba.conf: ================= # TYPE DATABASE USER ADDRESS METHOD host all all all gss include_realm=1 map=mymap here is the pg_ident.conf ================= # MAPNAME SYSTEM-USERNAME PG-USERNAME mymap /(.*)@COMPANY.COM company_com_\1 However, it doesn't work, I got error message ================= LOG: no match in usermap "mymap" for user "xxx" authenticated as "xxx@xxxxxxxxxxx" FATAL: GSSAPI authentication failed for user "xxx" DETAIL: Connection matched pg_hba.conf line 88: "host all all all gss include_realm=1 map=mymap" but if I changed the map to ================= # MAPNAME SYSTEM-USERNAME PG-USERNAME mymap /(.*)@COMPANY.COM \1 then I can login, I have created role xxx and company_com_xxx in db side. even if I hard code the username in the mapping like ================= # MAPNAME SYSTEM-USERNAME PG-USERNAME mymap /(.*)@COMPANY.COM company_com_xxx it still doesn't work. any idea? Thanks in advance! James |
