From: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com> |
---|---|
To: | techmail+pgsql(at)dangertoaster(dot)com |
Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: pg_ident mapping Kerberos Usernames |
Date: | 2017-09-11 21:32:33 |
Message-ID: | CAMkU=1x87crLJDUs0_dNyu4G+P040v8CN1fY8k1LL+EmQU9TkQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Sun, Sep 10, 2017 at 4:31 PM, <techmail+pgsql(at)dangertoaster(dot)com> wrote:
>
> GSSAPI is the authentication mechanism of choice, and it's working fine.
>
> Here is what I'm trying to accomplish.
>
> 'user1' == 'user1' and 'user1(at)A(dot)DOMAIN(dot)TLD' == 'user1'.
>
> From reading the docs, this is done via the pg_ident.conf file, and from
> reading the logs, there is a problem with my map.
>
> Hmm... Interesting thought.
> *testing*
> It sort of works. Setting the maps below maps the users straight across.
> 'user1' == 'user1' and 'user1(at)A(dot)DOMAIN(dot)TLD' == 'user1(at)A(dot)DOMAIN(dot)TLD', so
> it's partially working.
>
> pg_indent.conf:
> testnet /^([0-9A-Za-z_-]+)@A\.DOMAIN\.TLD$ \1
> testnet /^([0-9A-Za-z_-]+)@A\.DOMAIN\.TLD$ \1(at)A(dot)DOMAIN(dot)TLD
>
I think you want this:
testnet /(.*)
\1
testnet /^([0-9A-Za-z_-]+)@A\.DOMAIN\.TLD$ \1
testnet /^([0-9A-Za-z_-]+)
\1(at)A(dot)DOMAIN(dot)TLD
But since your pg_hba has include_realm=1, I don't know how you are getting
the realmless "system user" names in the first place, so the last line
really shouldn't be necessary.
Cheers,
Jeff
From | Date | Subject | |
---|---|---|---|
Next Message | Michael Paquier | 2017-09-11 22:32:30 | Re: contrecord is requested |
Previous Message | Scott Marlowe | 2017-09-11 20:27:40 | contrecord is requested |