From: | Joe Brenner <doom(at)kzsu(dot)stanford(dot)edu> |
---|---|
To: | Joe Brenner <doom(at)kzsu(dot)stanford(dot)edu> |
Cc: | pgsql-admin(at)postgresql(dot)org |
Subject: | Re: pg_ident.conf not working? |
Date: | 2010-10-16 20:49:59 |
Message-ID: | 201010162049.o9GKnxDE083215@kzsu.stanford.edu |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Joe Brenner <doom(at)kzsu(dot)stanford(dot)edu> wrote:
> I've noticed a difference in postgresql 8.3 and 9.0.1 that I suspect
> is a bug. pg_ident.conf isn't working the way it used to.
>
> I have a website set-up with apache running as using user
> "www-data". As I remember it, I found that it was difficult to
> set-up a postgres user name with a hyphen in it, so I fell back
> on creating a "www" postgres account, and I used the mapping:
>
> pg_ident.conf:
>
> # MAPNAME SYSTEM-USERNAME PG-USERNAME
> apache www-data www
>
> That used to work with postgres 8.3 (running on the same
> box as apache, of course), now with postgres 9.0.1 I can't
> get things like this to work:
>
> pg_hba.conf
>
> # TYPE DATABASE USER CIDR-ADDRESS METHOD
> local my_dbname www ident
>
> The log shows the error message:
>
> LOG: provided user name (www) and authenticated user name (www-data) do not match
> FATAL: Ident authentication failed for user "www"
>
> I can "fix" this by changing "ident" to "trust", but I'd
> rather restrict access to just the apache user.
>
> (Hm... maybe I need to try "ident map=apache"?)
Yes, it turns out that if I use the "map" option to explicitly tell it
which line of pg_ident.conf I want it to use, I can get it to work.
I stumbled across that here:
Though I see it is indeed explained where it should be, I just kept
skimming past it:
http://developer.postgresql.org/pgdocs/postgres/auth-username-maps.html
More code examples would help...
From | Date | Subject | |
---|---|---|---|
Next Message | Kieren Scott | 2010-10-17 11:02:23 | Restricting schema sizes |
Previous Message | Joe Brenner | 2010-10-16 20:00:31 | pg_ident.conf not working? |