Re: [GENERAL] pg_ident mapping Kerberos Usernames
| От | Jeff Janes |
|---|---|
| Тема | Re: [GENERAL] pg_ident mapping Kerberos Usernames |
| Дата | |
| Msg-id | CAMkU=1x87crLJDUs0_dNyu4G+P040v8CN1fY8k1LL+EmQU9TkQ@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: [GENERAL] pg_ident mapping Kerberos Usernames (techmail+pgsql@dangertoaster.com) |
| Список | pgsql-general |
On Sun, Sep 10, 2017 at 4:31 PM, <techmail+pgsql@dangertoaster.com> wrote:
GSSAPI is the authentication mechanism of choice, and it's working fine.
Here is what I'm trying to accomplish.
'user1' == 'user1' and 'user1@A.DOMAIN.TLD' == 'user1'.
From reading the docs, this is done via the pg_ident.conf file, and from reading the logs, there is a problem with my map.
Hmm... Interesting thought.
*testing*
It sort of works. Setting the maps below maps the users straight across. 'user1' == 'user1' and 'user1@A.DOMAIN.TLD' == 'user1@A.DOMAIN.TLD', so it's partially working.
pg_indent.conf:
testnet /^([0-9A-Za-z_-]+)@A\.DOMAIN\.TLD$ \1
testnet /^([0-9A-Za-z_-]+)@A\.DOMAIN\.TLD$ \1@A.DOMAIN.TLD
I think you want this:
testnet /(.*) \1
testnet /^([0-9A-Za-z_-]+)@A\.DOMAIN\.
testnet /^([0-9A-Za-z_-]+) \1@A.DOMAIN.TLD
But since your pg_hba has include_realm=1, I don't know how you are getting the realmless "system user" names in the first place, so the last line really shouldn't be necessary.
Cheers,
Jeff
В списке pgsql-general по дате отправления: