Bill Moseley wrote:
> On Tue, Jan 13, 2004 at 02:38:04PM +1100, Russell Shaw wrote:
>
>>In pg_ident.conf, i put:
>>
>> # MAPNAME IDENT-USERNAME PG-USERNAME
>> apache www-data russell
>> apache russell russell
>>
>>This works:
>> psql -U russell parts_list
>>
>>This doesn't:
>> psql -U www-data parts_list
>>
>>It says: psql: FATAL: IDENT authentication failed for user "www-data"
>
> I don't think that's how it works. But, I'm just learning -- so I'll
> try and get it correct (but no guarantees).
Hi,
By a process of elimination, i think it works like this:
The script is:
<?php
$conn=pg_connect("dbname=parts_list user=russell");
if(!$conn)
exit(pg_result_error($conn));
?>
Apache accesses postgres postmaster saying it is russell (from the php
user=russell above). However, postmaster finds out by identd that the
process (apache) is user www-data. So, ident user www-data needs to be
mapped as postgres user russell in pg_ident.conf. I have in pg_hba.conf:
# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
local all postgres ident sameuser
local all russell ident apache
host all russell 127.0.0.1 255.255.255.255 ident apache
local all all ident sameuser
host all all 127.0.0.1 255.255.255.255 ident sameuser
host all all 0.0.0.0 0.0.0.0 reject
pg_ident.conf:
# MAPNAME IDENT-USERNAME PG-USERNAME
apache www-data russell
apache russell russell # for non-apache