Keith G. Murphy said:
> Perhaps I can answer my own question. I could use ident and a map that
> lists the web server username as able to map to the different "role"
> usernames.
Someone else also mentioned and I personally agree that it's better to
authenticate in the application layer (using whatever technology takes
your fancy), and then use the webserver's generic/pooled connection to
communicate with the database.
Your user and role mapping info could be stored within the database, or
accessed from an LDAP server, or some such.
> Unfortunately, that still would allow the web server account
> to "fake" role names.
Make the application layer robust and secure and it may not be so much of
a problem.
John