Re: I can't seem to put the right combination of magic into the pg_hba and pg_ident files.

From: Adrian Klaver <aklaver(at)comcast(dot)net>
To: Daniel Verite <daniel(at)manitou-mail(dot)org>
Cc: pgsql-general <pgsql-general(at)postgresql(dot)org>, Tim Uckun <timuckun(at)gmail(dot)com>
Subject: Re: I can't seem to put the right combination of magic into the pg_hba and pg_ident files.
Date: 2009-11-09 23:30:23
Message-ID: 224807258.768221257809422883.JavaMail.root@sz0030a.emeryville.ca.mail.comcast.net
Lists: pgsql-general


----- "Daniel Verite" <daniel(at)manitou-mail(dot)org> wrote:

> Tim Uckun wrote:
>
>
> > I am very confused about something though. Not one person here has
> > said anything about how pg_ident works or what I did wrong. Is
> > pg_ident deprecated? Is there no way to accomplish this with
> > pg_ident?
>
> I just tried with 8.4.1. Started with the default configuration, created
> data/pg_ident.conf with:
> pg_map root postgres
> pg_map postgres postgres
>
> Replaced in pg_hba.conf:
> < local all all trust
> by
> > local all all ident map=pg_map
>
> Restarted the server, and then:
> $ su -
> # /usr/local/pg84/bin/psql -U postgres
> psql (8.4.1)
> Type "help" for help.
>
> postgres=#
>
> ... it appears to work.
>
> Now if I remove that line in data/pg_ident.conf:
> pg_map root postgres
> and reload the server and retry, I get the expected rejection:
> psql: FATAL: Ident authentication failed for user "postgres"
> and in the server logs:
> LOG: no match in usermap for user "postgres" authenticated as "root"
> CONTEXT: usermap "pg_map"
> FATAL: Ident authentication failed for user "postgres"
>
> That's on ubuntu 9.04, with postgres compiled from source.

Which is why I think this is an out of order problem. The Ruby script is trying to connect before the proper information is in pg_ident.conf and/or pg_hba.conf.

>
> > Why has everybody suggested either I don't do what I want/need to do
> > or that I should do it via the su mechanism?
>
> On unix systems, it's a standard recommendation not to run anything as root
> when it's possible to do otherwise, so we just apply this to psql I guess.
>
> Best regards,
> --
> Daniel
> PostgreSQL-powered mail user agent and storage:
> http://www.manitou-mail.org

Adrian Klaver
aklaver(at)comcast(dot)net
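
The map lookup exercised in the quoted test, as an added example that is not part of the original message or of PostgreSQL's own code: a simplified Python model of pg_ident.conf matching, plus an audit helper listing which OS accounts can become a given database role. It assumes only literal entries (no regular-expression or quoted fields); the function names are hypothetical.

```python
# Added illustration: a simplified model of pg_ident.conf user-map lookup.
# Assumption: only literal entries are handled (no regex "/..." system names,
# no quoted fields). Function names are hypothetical, not PostgreSQL APIs.

def parse_ident(text):
    """Return a list of (map_name, system_user, pg_user) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"malformed pg_ident line: {raw!r}")
        entries.append(tuple(fields))
    return entries


def ident_allows(entries, map_name, system_user, pg_user):
    """True if the OS user may connect as the requested database user."""
    return (map_name, system_user, pg_user) in entries


def os_users_for(entries, map_name, pg_user):
    """Audit helper: which OS accounts can become this database role?"""
    return sorted(s for m, s, p in entries if m == map_name and p == pg_user)


# The two states of data/pg_ident.conf described in the quoted test.
WITH_ROOT = """\
# MAPNAME  SYSTEM-USERNAME  PG-USERNAME
pg_map     root             postgres
pg_map     postgres         postgres
"""
WITHOUT_ROOT = """\
pg_map     postgres         postgres
"""

if __name__ == "__main__":
    for label, conf in (("with root line", WITH_ROOT),
                        ("root line removed", WITHOUT_ROOT)):
        entries = parse_ident(conf)
        print(label, "->",
              ident_allows(entries, "pg_map", "root", "postgres"),
              os_users_for(entries, "pg_map", "postgres"))
```

Running `os_users_for` against a real map file shows at a glance every OS account that can reach the `postgres` superuser role through `ident`.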
