Home > mailing lists

Allow +group in pg_ident.conf - Mailing list pgsql-hackers

From	Andrew Dunstan
Subject	Allow +group in pg_ident.conf
Date	January 9, 2023 16:00:26
Msg-id	8c8855d0-61eb-8692-44c4-ff12194d6e7c@dunslane.net Whole thread Raw
Responses	Re: Allow +group in pg_ident.conf
List	pgsql-hackers

Tree view

Over at [1] I speculated that it might be a good idea to allow
+grouprole type user names in pg_ident.conf. The use case I have in mind
is where the user authenticates to pgbouncer and then pgbouncer connects
as the user using a client certificate. Without this mechanism that
means that you need a mapping rule for each user in pg_ident.conf, which
doesn't scale very well, but with this mechanism all you have to do is
grant the specified role to users. So here's a small patch for that.

Comments welcome.


cheers


andrew


[1] https://postgr.es/m/6912eb9c-4905-badb-ad87-eeca8ace13e7@dunslane.net

--
Andrew Dunstan
EDB: https://www.enterprisedb.com

Attachment

ident-plus-role.patch

pgsql-hackers by date:

From: Jelte Fennema
Date: 09 January 2023, 16:00:01
Subject: Re: [EXTERNAL] Re: Support load balancing in libpq

From: Richard Guo
Date: 09 January 2023, 16:28:16
Subject: Re: Allow DISTINCT to use Incremental Sort

Allow +group in pg_ident.conf - Mailing list pgsql-hackers

Attachment

Previous

Next