Re: [GENERAL] pg_ident mapping Kerberos Usernames

On 09/11/2017 08:51 AM, rob stone wrote:
> 
> 
>>>
>>
>> Hi Rob,
>>
>> How would that work? I was under the impression the first column was
>> for socket type and limited to
>> local, host, hostssl, and hostnossl?
>>
>> Thunderbird's config has been fixed, so here is the line from
>> pg_hba.conf line without the
>> formatting issues:
>>
>> host all all 192.168.1.0/24 gss include_realm=1 map=testnet
>> krb_realm=A.DOMAIN.TLD
>>
>>
>> Thanks,
>> Ryan
> 
> 
> Hello Ryan,
> 
> I'm probably incorrect about this as I don't use pg_ident but my
> understanding is that each line in pg_ident consists of three fields
> being:-
> 
> mask-name external-credentials internal-credentials
> 
> so that the external log-on is converted to its Postgres log-on and
> then the mask-name is used to find a line in pg_hba.conf to verify that
> the external-credentials were submitted from an allowable IP address.
> 
> Maybe somebody more knowledgeable than myself could provide a better
> example.
> 
> 
> Cheers,
> Rob
> 
> 

Hi Rob,

That's my understanding of the syntax and workflow from the reading and 
small experiments I've done as well.

There's two of us, so we're on our way to a consensus. :)

Thanks!

Ryan


-- 
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general