Home > mailing lists

Re: [GENERAL] pg_ident mapping Kerberos Usernames - Mailing list pgsql-general

From	rob stone
Subject	Re: [GENERAL] pg_ident mapping Kerberos Usernames
Date	September 11, 2017 19:51:38
Msg-id	1505137898.4583.5.camel@gmail.com Whole thread Raw
In response to	Re: [GENERAL] pg_ident mapping Kerberos Usernames (techmail+pgsql@dangertoaster.com)
Responses	Re: [GENERAL] pg_ident mapping Kerberos Usernames (techmail+pgsql@dangertoaster.com)
List	pgsql-general

Tree view


> > 
> 
> Hi Rob,
> 
> How would that work? I was under the impression the first column was
> for socket type and limited to 
> local, host, hostssl, and hostnossl?
> 
> Thunderbird's config has been fixed, so here is the line from
> pg_hba.conf line without the 
> formatting issues:
> 
> host all all 192.168.1.0/24 gss include_realm=1 map=testnet
> krb_realm=A.DOMAIN.TLD
> 
> 
> Thanks,
> Ryan


Hello Ryan,

I'm probably incorrect about this as I don't use pg_ident but my
understanding is that each line in pg_ident consists of three fields
being:-

mask-name external-credentials internal-credentials

so that the external log-on is converted to its Postgres log-on and
then the mask-name is used to find a line in pg_hba.conf to verify that
the external-credentials were submitted from an allowable IP address.

Maybe somebody more knowledgeable than myself could provide a better
example.


Cheers,
Rob




-- 
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

pgsql-general by date:

From: Thomas Güttler
Date: 11 September 2017, 19:25:26
Subject: [GENERAL] Final pg_dumpall should happen in Single-User-Mode

From: Dave Florek
Date: 11 September 2017, 20:02:45
Subject: [GENERAL] Needing verification on instructions for streaming replication

Re: [GENERAL] pg_ident mapping Kerberos Usernames - Mailing list pgsql-general

Previous

Next