Re: setting up pg_ident for peer auth with unix groups

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Geoff,

No, there is no such mechanism. The ident service (it's not safe as you probably know) only delivers the name of the user who has initiated the TCP connection to the PG server.

This will be matched to the PG user the connection is supposed to be established as. If they match, the respective line of pg_hba.conf might grant access.

pg_ident.conf can be used to match system usernames (of the client machine) to PG usernames.

The /etc/group file which technically could be accessed by PG processes resides on the server and thus could be very different from the one on the client machine. Plus, the system username used on the client machine may not even exist on the server, nor does the PG username have to exist as a system username on client or server.

Therefore, using Unix groups wouldn't make much sense.

Regards,

Holger

Am 30.01.20 um 12:59 schrieb Geoff Winkless:
Hi

Not sure if I'm missing something obvious but I can't see a way to set up pg_ident with unix groups in the username maps.

 
Is it possible or do I have to set up one entry for every user?

Ta

Geoff
--

Holger Jakobs, Bergisch Gladbach
instant messaging: xmpp:holger@xxxxxxxxxx
+49 178 9759012 oder +49 2202 817157


[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux