I've noticed a difference in postgresql 8.3 and 9.0.1 that I suspect
is a bug. pg_ident.conf isn't working the way it used to.
I have a website set-up with apache running as using user
"www-data". As I remember it, I found that it was difficult to
set-up a postgres user name with a hyphen in it, so I fell back
on creating a "www" postgres account, and I used the mapping:
pg_ident.conf:
# MAPNAME SYSTEM-USERNAME PG-USERNAME
apache www-data www
That used to work with postgres 8.3 (running on the same
box as apache, of course), now with postgres 9.0.1 I can't
get things like this to work:
pg_hba.conf
# TYPE DATABASE USER CIDR-ADDRESS METHOD
local my_dbname www ident
The log shows the error message:
LOG: provided user name (www) and authenticated user name (www-data) do not match
FATAL: Ident authentication failed for user "www"
I can "fix" this by changing "ident" to "trust", but I'd
rather restrict access to just the apache user.
(Hm... maybe I need to try "ident map=apache"?)