Since we need to add the user name in the command, which is not what we want, I removed the map in the pg_ident.conf file, and created role xxx@xxxxxxxxxxx in postgresql.

The pg_hba.conf looks like:

host all all all gss include_realm=1

In pg_ident.conf, I removed all items.

In postgresql, I created the role:

create role "xxx@COMPANY.COM" login

I thought it would work, because my credential is xxx@COMPANY.COM, and there was user xxx@COMPANY.COM in postgresql, so it should map my credential to user xxx@COMPANY.COM. However, when I log in with kerberos, I got the error below on the server side:

LOG: provided user name (xxx) and authenticated user name (xxx@xxxxxxxxxxx) do not match
FATAL: GSSAPI authentication failed for user "xxx"

Does anyone know why it doesn't work?

Thanks,
James

From: jamesxu@xxxxxxxxxxx
To: magnus@xxxxxxxxxxxx
CC: pgsql-admin@xxxxxxxxxxxxxx
Subject: Re: [ADMIN] Postgresql gss user map doesn't work
Date: Wed, 1 Jul 2015 09:09:28 -0400

Thanks Magnus, you are awesome!

James

Date: Wed, 1 Jul 2015 08:38:45 +0200
Subject: Re: [ADMIN] Postgresql gss user map doesn't work
From: magnus@xxxxxxxxxxxx
To: jamesxu@xxxxxxxxxxx
CC: pgsql-admin@xxxxxxxxxxxxxx

On Tue, Jun 30, 2015 at 11:37 PM, xujian <jamesxu@xxxxxxxxxxx> wrote:

Yes, that is working as intended. You always have to tell postgres which user you want to log in with, pg_ident only allows you to authenticate with a different name, you still have to tell the system which one you want. You can also put the username in the PGUSER environment variable if it's something you want to deploy across many users.
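
The name check discussed in this thread, as an added example that is not part of the original messages and is not PostgreSQL's own code: a simplified Python model of how the server compares the authenticated GSSAPI name with the role the client requests, with and without a pg_ident.conf map. It goes slightly beyond the thread by including a regular-expression map entry; the map name gssmap, its map line and all function names are constructed for illustration.

```python
import re

def requested_role(os_user, pguser=None, dash_u=None):
    """Role the client asks for: -U, else PGUSER, else the OS user name."""
    return dash_u or pguser or os_user

def authenticated_name(principal, include_realm=True):
    """Name the server derives from the Kerberos principal."""
    return principal if include_realm else principal.split("@", 1)[0]

def name_check(auth_name, role, map_name=None, ident_lines=()):
    """Simplified model of the server-side user name check."""
    if map_name is None:
        # No map= in pg_hba.conf: the two names must be identical.
        return auth_name == role
    for line in ident_lines:
        fields = line.split()
        if len(fields) != 3 or fields[0] != map_name:
            continue
        system_user, pg_user = fields[1], fields[2]
        if system_user.startswith("/"):      # regular-expression entry
            m = re.search(system_user[1:], auth_name)
            if not m:
                continue
            if m.groups():
                pg_user = pg_user.replace(r"\1", m.group(1))
        elif system_user != auth_name:
            continue
        if pg_user == role:                  # map permits this pairing
            return True
    return False

# Constructed sample values mirroring the thread.
PRINCIPAL = "xxx@COMPANY.COM"
AUTH = authenticated_name(PRINCIPAL, include_realm=True)
IDENT = [r"gssmap /^(.*)@COMPANY\.COM$ \1"]  # hypothetical map line

if __name__ == "__main__":
    # psql with no user name: the OS user "xxx" is requested -> rejected
    print(name_check(AUTH, requested_role("xxx")))
    # PGUSER set to the full principal -> matches the created role name
    print(name_check(AUTH, requested_role("xxx", pguser=PRINCIPAL)))
    # map=gssmap in pg_hba.conf strips the realm, so "xxx" is accepted
    print(name_check(AUTH, requested_role("xxx"), "gssmap", IDENT))
```

In the mapped case the database role would be xxx rather than xxx@COMPANY.COM, and the model covers only the name comparison, not the Kerberos exchange itself.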