On Sun, Sep 10, 2017 at 4:31 PM, <techmail+pgsql@xxxxxxxxxxxxxxxxx> wrote:
GSSAPI is the authentication mechanism of choice, and it's working fine.
Here is what I'm trying to accomplish.
'user1' == 'user1' and 'user1@xxxxxxxxxxxx' == 'user1'.
>From reading the docs, this is done via the pg_ident.conf file, and from reading the logs, there is a problem with my map.
Hmm... Interesting thought.
*testing*
It sort of works. Setting the maps below maps the users straight across. 'user1' == 'user1' and 'user1@xxxxxxxxxxxx' == 'user1@xxxxxxxxxxxx', so it's partially working.
pg_indent.conf:
testnet /^([0-9A-Za-z_-]+)@A\.DOMAIN\.TLD$ \1 testnet /^([0-9A-Za-z_-]+)@A\.DOMAIN\.TLD$ \1@xxxxxxxxxxxx
I think you want this:
testnet /(.*) \1
testnet /^([0-9A-Za-z_-]+)@A\.DOMAIN\.TLD$ \1
testnet /^([0-9A-Za-z_-]+) \1@xxxxxxxxxxxx
But since your pg_hba has include_realm=1, I don't know how you are getting the realmless "system user" names in the first place, so the last line really shouldn't be necessary.
Cheers,
Jeff
