On Do, 2021-03-11 at 21:06 +0100, Tilman Koschnick wrote:
> How do I specify the applicable mapping in that case?
I've dug in a bit further. Since the clientcert option is allowed for
all auth methods, I worked on the assumption that the map option should
also be accepted for all methods, and removed the corresponding check:
--- postgresql-13-13.2.orig/src/backend/libpq/hba.c
+++ postgresql-13-13.2/src/backend/libpq/hba.c
@@ -1678,12 +1678,6 @@ parse_hba_auth_opt(char *name, char *val
if (strcmp(name, "map") == 0)
{
- if (hbaline->auth_method != uaIdent &&
- hbaline->auth_method != uaPeer &&
- hbaline->auth_method != uaGSS &&
- hbaline->auth_method != uaSSPI &&
- hbaline->auth_method != uaCert)
- INVALID_AUTH_OPTION("map", gettext_noop("ident, peer, gssapi, sspi, and cert"));
hbaline->usermap = pstrdup(val);
}
else if (strcmp(name, "clientcert") == 0)
With this change in place, the mapping works for me, with apparently no
ill effects. The build is passing all tests as well.
Should I report this as a bug?
Regards, Til
