Re: [Ignor Whois] Re: Connect error

On Mon, Jan 12, 2004 at 11:57:42AM -0600, Bruno Wolff III wrote:
>
> Since sameuser is a special ident map you can't use it as a named map in
> the pg_ident.conf map.

I thought maybe the pg_ident.conf file was enough to simply say
"connections from www-data should be considered as coming from user
moseley" and then sameuser would work (i.e. www-data would be able to
connect to moseley's databases).

BTW -- when using a map like this that uses the ident service, what dsn
string is used when connecting? (I'm using Perl, BTW.)

> > bumby:/etc/postgresql# fgrep testmap pg_hba.conf pg_ident.conf
> > pg_hba.conf:host all all 127.0.0.1 255.255.255.255 ident testmap
> > pg_ident.conf:testmap moseley www-data
> >
> > So I think I'm missing an important concept.
>
> I think you are pretty close. In the last case you enabled ident authentication
> using testmap for internet connections, but unless you did this for local
> connections (domain sockets) as well, it wouldn't apply since the way you
> are using psql will use a domain socket to connect (unless you have set
> the PGHOST environment variable).

You mean adding a "local" entry too?

host all all 127.0.0.1 255.255.255.255 ident testmap
local all all ident testmap

bumby:/etc/postgresql$ psql newdb
psql: FATAL: user "www-data" does not exist
bumby:/etc/postgresql$ psql -Umoseley newdb
psql: FATAL: IDENT authentication failed for user "moseley"
bumby:/etc/postgresql$ psql -Uwww-data newdb
psql: FATAL: user "www-data" does not exist

This is why I ended up creating a new database user with a password and then
granting access to ALL of my objects to the new database user. And then
using that username/password in the connect string in the web
application.

Can I turn on debugging in Postgresql to see why it's failing? That
would likely help resolve the problem.

--
Bill Moseley
moseley(at)hank(dot)org