Skip site navigation (1) Skip section navigation (2)

Re: [PATCH] user mapping extension to pg_ident.conf

From: Lars Kanis <kanis(at)comcard(dot)de>
To: Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-hackers(at)postgresql(dot)org, Stephen Frost <sfrost(at)snowman(dot)net>
Subject: Re: [PATCH] user mapping extension to pg_ident.conf
Date: 2009-07-21 15:35:08
Message-ID: 200907211735.12701.kanis@comcard.de (view raw or flat)
Thread:
Lists: pgsql-hackers
Am Dienstag, 21. Juli 2009 16:01:01 schrieben Sie:
> Doing it on the client presents a certain challenge when it comes to
> certificates for example - or really in any case where you need to map
> the username to something else. It would be quite convenient to have
> that ability controlled from the server side. We'd have to have some
> way to  communicate down that the username specified was the default
> one and not a user-specified one (or we're back at overriding), but if
> the actual mapping could be controlled server-side it would be a lot
> more convenient.

I thought about doing it on the client side too, but server side mapping 
seemed to me more flexible. In fact one could do a client side mapping 
(without knowledge of the auth method), by greping the username of the 
external system out of the error text from the server and doing a second auth 
with it. Just I don't like this ugly hack.

There was another mail, where I described the use of the mapping patch:
http://archives.postgresql.org/pgsql-hackers/2009-06/msg01496.php
Please have a look on it. One can give different mappings for combinations of 
internal and external username. This way you could easy use different roles 
within the database with differnent applications, although the external auth 
system gives the same username. The "dummy"-user of the first mail was not 
the best example.

I'm not the expert with PGs internals. So if you have a better way to get an 
usermapping based on the external auth, I could do a bit of research in this 
area, because I need something like this.

regards
Lars Kanis

In response to

pgsql-hackers by date

Next:From: Alvaro HerreraDate: 2009-07-21 15:39:47
Subject: Re: errcontext support in PL/Perl
Previous:From: Joshua BrindleDate: 2009-07-21 15:24:55
Subject: Re: [PATCH] SE-PgSQL/tiny rev.2193

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group