Home > mailing lists

Re: Using both ident and password in pg_hba.conf - Mailing list pgsql-general

From	John R Pierce
Subject	Re: Using both ident and password in pg_hba.conf
Date	May 9, 2016 23:24:38
Msg-id	96b04007-f42f-700d-9122-411f0f506ae5@hogranch.com Whole thread Raw
In response to	Re: Using both ident and password in pg_hba.conf ("D'Arcy J.M. Cain" <darcy@druid.net>)
List	pgsql-general

Tree view

On 5/9/2016 1:18 PM, D'Arcy J.M. Cain wrote:

Basically I think that pg_hba.conf is missing a feature.  We can
specify the database, the user and the address but we can't specify the
authenticated user.  When it sees this;

provided user name (x) and authenticated user name (nobody) do not match

I would like it to connect with user x but drop to password
authentication.

'ident' is only secure over local 'domain' sockets, not over tcp/ip.

that said, you can use an ident user map to do what you want, this would say '"nobody" can log on as A, B, or C'

-- 
john r pierce, recycling bits in santa cruz

pgsql-general by date:

From: "D'Arcy J.M. Cain"
Date: 09 May 2016, 23:19:03
Subject: Re: Using both ident and password in pg_hba.conf

From: Adrian Klaver
Date: 09 May 2016, 23:39:55
Subject: Re: Using both ident and password in pg_hba.conf

Re: Using both ident and password in pg_hba.conf - Mailing list pgsql-general

Previous

Next