Re: [Ignor Whois] Re: Connect error

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Bill Moseley <moseley(at)hank(dot)org>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: [Ignor Whois] Re: Connect error
Date: 2004-01-12 20:12:54
Message-ID: 20040112201254.GA21773@wolff.to
Lists: pgsql-novice

On Mon, Jan 12, 2004 at 10:22:03 -0800,
Bill Moseley <moseley(at)hank(dot)org> wrote:
> On Mon, Jan 12, 2004 at 11:57:42AM -0600, Bruno Wolff III wrote:
> >
> > Since sameuser is a special ident map you can't use it as a named map in
> > the pg_ident.conf map.
>
> I thought maybe the pg_ident.conf file was enough to simply say
> "connections from www-data should be considered as coming from user
> moseley" and then sameuser would work (i.e. www-data would be able to
> connect to moseley's databases).

"sameuser" is used in several contexts. One is for the user field and there
it means that if the username matches the database name, then this rule
applies (if the IP address and the connection type also match). The other
usage is for using a default ident map. If you use "sameuser" for the ident
map, then pg_ident.conf doesn't get checked.

> BTW -- when using a map like this that uses the ident service, what dsn
> string is used when connecting? (I'm using Perl, BTW.)

I am not sure what "dsn" means in this context, so I can't answer this.

>
> > > bumby:/etc/postgresql# fgrep testmap pg_hba.conf pg_ident.conf
> > > pg_hba.conf:host all all 127.0.0.1 255.255.255.255 ident testmap
> > > pg_ident.conf:testmap moseley www-data
> > >
> > > So I think I'm missing an important concept.
> >
> > I think you are pretty close. In the last case you enabled ident authentication
> > using testmap for internet connections, but unless you did this for local
> > connections (domain sockets) as well, it wouldn't apply since the way you
> > are using psql will use a domain socket to connect (unless you have set
> > the PGHOST environment variable).
>
> You mean adding a "local" entry too?
>
> host all all 127.0.0.1 255.255.255.255 ident testmap
> local all all ident testmap

Yes.

>
> bumby:/etc/postgresql$ psql newdb
> psql: FATAL: user "www-data" does not exist

This makes sense since www-data isn't a postgres user.

> bumby:/etc/postgresql$ psql -Umoseley newdb
> psql: FATAL: IDENT authentication failed for user "moseley"

I think this is caused by having the two names mixed up.
> > > pg_ident.conf:testmap moseley www-data
According to the documentation the ident name should be the first name
and the postgres name the second name.

> bumby:/etc/postgresql$ psql -Uwww-data newdb
> psql: FATAL: user "www-data" does not exist
>
> This is why I ended up creating a new database user with a password and then
> granting access to ALL of my objects to the new database user. And then
> using that username/password in the connect string in the web
> application.
>
> Can I turn on debugging in Postgresql to see why it's failing? That
> would likely help resolve the problem.

I don't think that would add any useful information in this case.
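
The field order discussed in the message above, as an added example that is not part of the original message and is not PostgreSQL code: a simplified Python model of ident-map matching that reproduces the errors quoted in the thread. It assumes the pg_ident.conf layout of map name, ident name, postgres name, and a constructed role set in which only moseley exists; the function and constant names are hypothetical.

```python
# Simplified model of ident-map matching (added example, not PostgreSQL code).

AS_POSTED = "testmap moseley www-data"   # entry as quoted in the thread
CORRECTED = "testmap www-data moseley"   # ident name first, postgres name second
PG_ROLES = {"moseley"}                   # constructed: the only existing database user


def parse_ident_map(text):
    """Parse pg_ident.conf text into (map_name, ident_user, pg_user) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"expected 3 fields: {raw!r}")
        entries.append(tuple(fields))
    return entries


def ident_check(map_name, ident_user, pg_user, entries, pg_roles=PG_ROLES):
    """Return 'ok' or the error psql would show in this simplified model."""
    if pg_user not in pg_roles:
        return f'FATAL: user "{pg_user}" does not exist'
    if map_name == "sameuser":
        # Special map: pg_ident.conf is not consulted, names must be equal.
        allowed = ident_user == pg_user
    else:
        allowed = (map_name, ident_user, pg_user) in entries
    if allowed:
        return "ok"
    return f'FATAL: IDENT authentication failed for user "{pg_user}"'


if __name__ == "__main__":
    for label, conf in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        entries = parse_ident_map(conf)
        # OS user www-data (reported by ident) asks to connect as moseley.
        print(label, "->", ident_check("testmap", "www-data", "moseley", entries))
```
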
