----- "Daniel Verite" <daniel@manitou-mail.org> wrote:
> Tim Uckun wrote:
>
>
> > I am very confused about something though. Not one person here has
> > said anything about how pg_ident works or what I did wrong. Is
> > pg_ident deprecated? Is there no way to accomplish this with
> pg_ident?
>
> I just tried with 8.4.1. Started with the default configuration,
> created
> data/pg_ident.conf with:
> pg_map root postgres
> pg_map postgres postgres
>
> Replaced in pg_hba.conf:
> < local all all trust
> by
> > local all all ident
> map=pg_map
>
> Restarted the server, and then:
> $ su -
> # /usr/local/pg84/bin/psql -U postgres
> psql (8.4.1)
> Type "help" for help.
>
> postgres=#
>
> ... it appears to works.
>
> Now if I remove that line in data/pg_ident.conf:
> pg_map root postgres
> and reload the server and retry, I get the expected rejection:
> psql: FATAL: Ident authentication failed for user "postgres"
> and in the server logs:
> LOG: no match in usermap for user "postgres" authenticated as "root"
> CONTEXT: usermap "pg_map"
> FATAL: Ident authentication failed for user "postgres"
>
> That's on ubuntu 9.04, with postgres compiled from source.
Which is why I think this is an out of order problem. The Ruby script is trying to connect before the proper
informationis in pg_ident.conf and/or pg_hba.conf.
>
> > Why has everybody suggested either I don't do what I want/need to
> do
> > or that I should do it via the su mechanism?
>
> On unix systems, it's a standard recommendation not to run anything as
> root
> when it's possible to do otherwise, so we just apply this to psql I
> guess.
>
> Best regards,
> --
> Daniel
> PostgreSQL-powered mail user agent and storage:
> http://www.manitou-mail.org
Adrian Klaver
aklaver@comcast.net
