Am Dienstag, 21. Juli 2009 16:01:01 schrieben Sie:
> Doing it on the client presents a certain challenge when it comes to
> certificates for example - or really in any case where you need to map
> the username to something else. It would be quite convenient to have
> that ability controlled from the server side. We'd have to have some
> way to communicate down that the username specified was the default
> one and not a user-specified one (or we're back at overriding), but if
> the actual mapping could be controlled server-side it would be a lot
> more convenient.
I thought about doing it on the client side too, but server side mapping
seemed to me more flexible. In fact one could do a client side mapping
(without knowledge of the auth method), by greping the username of the
external system out of the error text from the server and doing a second auth
with it. Just I don't like this ugly hack.
There was another mail, where I described the use of the mapping patch:
Please have a look on it. One can give different mappings for combinations of
internal and external username. This way you could easy use different roles
within the database with differnent applications, although the external auth
system gives the same username. The "dummy"-user of the first mail was not
the best example.
I'm not the expert with PGs internals. So if you have a better way to get an
usermapping based on the external auth, I could do a bit of research in this
area, because I need something like this.
In response to
pgsql-hackers by date
|Next:||From: Alvaro Herrera||Date: 2009-07-21 15:39:47|
|Subject: Re: errcontext support in PL/Perl|
|Previous:||From: Joshua Brindle||Date: 2009-07-21 15:24:55|
|Subject: Re: [PATCH] SE-PgSQL/tiny rev.2193|