Skip site navigation (1) Skip section navigation (2)

Re: [PATCH] user mapping extension to pg_ident.conf

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, Lars Kanis <kanis(at)comcard(dot)de>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: [PATCH] user mapping extension to pg_ident.conf
Date: 2009-07-21 14:01:01
Message-ID: 9837222c0907210701n73e7d5c3id7067d4607f3b815@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
On Tue, Jul 21, 2009 at 15:58, Tom Lane<tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> That said, if there is a username specified it should not be ignored.
>> But if there is none specified, it should work. This works "reasonably
>> well" today, in that we pick the username up from the environment. But
>> I can see cases where it would be a lot more useful to have it instead
>> pick up the username from the authentication system, since they may
>> differ.
>
> Are you not describing a behavior that you yourself removed in 8.4,
> ie the libpq code that looked aside at Kerberos for a username?

Yes, partially I am :-)

But it was not documented, and done in a fairly hackish way. If we
want it, it should work the same for *all* external authentication
methods (where it would be possible).

Doing it on the client presents a certain challenge when it comes to
certificates for example - or really in any case where you need to map
the username to something else. It would be quite convenient to have
that ability controlled from the server side. We'd have to have some
way to  communicate down that the username specified was the default
one and not a user-specified one (or we're back at overriding), but if
the actual mapping could be controlled server-side it would be a lot
more convenient.


-- 
 Magnus Hagander
 Self: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

In response to

Responses

pgsql-hackers by date

Next:From: Tom LaneDate: 2009-07-21 14:03:22
Subject: Re: [PATCH v4] Avoid manual shift-and-test logic in AllocSetFreeIndex
Previous:From: Tom LaneDate: 2009-07-21 13:58:05
Subject: Re: [PATCH] user mapping extension to pg_ident.conf

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group