On Mon, 9 May 2016 14:56:14 -0700 John R Pierce <pierce@xxxxxxxxxxxx> wrote: > over a tcp socket, there's no way of knowing *WHAT* the system user > is short of querying the unreliable service 'authd' (113/tcp) and > hoping that it A) exists and B) returns something meaningful. > authd/ident services can return virtually anything they want to. I run both the client web server and the database server. Outside machines require passwords. > when pg_hba.conf is searched, all thats known is the socket type > (host or local), the database name, the requested(!) username, and if > its 'host', the source IP address. this is used to select the > desired authentication method for that combination. Yes, it is missing that one piece I suggested - the ability to select based on the authenticated name. That's what I am trying to work around. -- D'Arcy J.M. Cain <darcy@xxxxxxxxx> | Democracy is three wolves http://www.druid.net/darcy/ | and a sheep voting on +1 416 788 2246 (DoD#0082) (eNTP) | what's for dinner. IM: darcy@xxxxxxx, VoIP: sip:darcy@xxxxxxxxx -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
