Allow +group in pg_ident.conf

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Allow +group in pg_ident.conf
Date: 2023-01-09 13:00:26
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

Over at [1] I speculated that it might be a good idea to allow
+grouprole type user names in pg_ident.conf. The use case I have in mind
is where the user authenticates to pgbouncer and then pgbouncer connects
as the user using a client certificate. Without this mechanism that
means that you need a mapping rule for each user in pg_ident.conf, which
doesn't scale very well, but with this mechanism all you have to do is
grant the specified role to users. So here's a small patch for that.

Comments welcome.




Andrew Dunstan

Attachment Content-Type Size
ident-plus-role.patch text/x-patch 4.5 KB


Browse pgsql-hackers by date

  From Date Subject
Next Message Richard Guo 2023-01-09 13:28:16 Re: Allow DISTINCT to use Incremental Sort
Previous Message Jelte Fennema 2023-01-09 13:00:01 Re: [EXTERNAL] Re: Support load balancing in libpq