ident authorization (was backup: pg_dumpall and full backups in general) - Mailing list pgsql-general

From Dado Feigenblatt
Subject ident authorization (was backup: pg_dumpall and full backups in general)
Date
Msg-id 3C05843F.2000203@wildbrain.com
Whole thread Raw
In response to backup: pg_dumpall and full backups in general  (Dado Feigenblatt <dado@wildbrain.com>)
Responses Re: ident authorization (was backup: pg_dumpall and full backups in general)
List pgsql-general
  Hi Tom,

I followed your sugestion and got identd up and running on the server.
It seems to be working fine.
I think my problem now is with pg_hba.conf and pg_ident.conf.
During a psql session I can't switch to another user using

 template1=\connect dado_test dado
 IDENT authentication failed for user 'dado'
 Previous connection kept

I thought it was because I was using the "sameuser" map in pg_hba.conf

 host         all         127.0.0.1     255.255.255.255     ident sameuser

So I changed the map name pg_hba.conf

 host         all         127.0.0.1     255.255.255.255     ident usermap

and added to pg_ident.conf the other user names postgres might have to
switch to

 usermap   postgres     postgres
 usermap   postgres     purp
 usermap   postgres     dado
 usermap   postgres     greg


I still get the same error.
Any idea?

Thanks.

Tom Lane wrote:

>Dado Feigenblatt <dado@wildbrain.com> writes:
>
>>[ problems with pg_dumpall and password protection ]
>>
>
>Password protection just doesn't play very nicely with dump scripts.
>Especially not scripts you'd like to invoke from cron jobs.
>I'd strongly recommend setting up a different authorization method.
>
>One way that's reasonably secure is to run an ident server (non-broken
>one of course) and enable ident authorization over local loopback only.
>Then a simple "export PGHOST=127.0.0.1" frees you from entering any
>more passwords.
>
>            regards, tom lane
>
>---------------------------(end of broadcast)---------------------------
>TIP 2: you can get off all lists at once with the unregister command
>    (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)
>


--
Dado Feigenblatt                                 Wild Brain, Inc.
Technical Director                               (415) 216-2053
dado@wildbrain.com                               San Francisco, CA.




pgsql-general by date:

Previous
From: "Roderick A. Anderson"
Date:
Subject: Warm Fuzzy Feeling!
Next
From: Dado Feigenblatt
Date:
Subject: pg_dump and order of events