|
On 5/9/2016 2:42 PM, D'Arcy J.M. Cain
wrote:
I had an idea that that wouldn't be so easy else we would have had it by now. However, I am not sure that that is what is needed. I was thinking of something like this: host all joe@nobody 192.168.151.75/32 password host all all 192.168.151.75/32 ident The "all@nobody" field is meant to specify that the remote user is nobody but that they are connecting as user joe. You would be able to use "all" as well. You don't even need to do an ident check unless the auth method is "trust" which would be silly anyway. In fact "password" is the only method that even makes any sense at all.
over a tcp socket, there's no way of knowing *WHAT* the system user is short of querying the unreliable service 'authd' (113/tcp) and hoping that it A) exists and B) returns something meaningful. authd/ident services can return virtually anything they want to.
when pg_hba.conf is searched, all thats known is the socket type
(host or local), the database name, the requested(!) username, and
if its 'host', the source IP address. this is used to select the
desired authentication method for that combination.
-- john r pierce, recycling bits in santa cruz |
