Postgres Pro
Downloads
Home   >   mailing lists

Re: Postgresql gss user map doesn't work - Mailing list pgsql-admin

From xujian
Subject Re: Postgresql gss user map doesn't work
Date
Msg-id BAY181-W539F6B936B7C4F0DEE432EA1A80@phx.gbl
Whole thread Raw
In response to Re: Postgresql gss user map doesn't work  (xujian <jamesxu@outlook.com>)
Responses Re: Postgresql gss user map doesn't work
List pgsql-admin
Tree view
Since we need to add user name in the command, which is not we want, I removed the map in the pg_ident.conf file, and created role xxx@COMPANY.COM in postgresql

the pg_hba.conf looks like:
host    all     all    all    gss include_realm=1

in pg_ident.conf, I removed all items

in postgresql, I create role
create role "xxx@COMPANY.COM" login

I thought it would work, because my credential is xxx@COMPANY.COM, and there was user xxx@COMPANY.COM in postgresql, it should map the my credential to user xxx@COMPANY.COM.

however, when I login with kerberos, I got error  below on server side
LOG:  provided user name (xxx) and authenticated user name (xxx@COMPANY.COM) do not match
FATAL:  GSSAPI authentication failed for user "xxx"

Do anyone know why it doesn't work?  thanks

James


From: jamesxu@outlook.com
To: magnus@hagander.net
CC: pgsql-admin@postgresql.org
Subject: Re: [ADMIN] Postgresql gss user map doesn't work
Date: Wed, 1 Jul 2015 09:09:28 -0400

Thanks Magnus, you are awesome!

James


Date: Wed, 1 Jul 2015 08:38:45 +0200
Subject: Re: [ADMIN] Postgresql gss user map doesn't work
From: magnus@hagander.net
To: jamesxu@outlook.com
CC: pgsql-admin@postgresql.org



On Tue, Jun 30, 2015 at 11:37 PM, xujian <jamesxu@outlook.com> wrote:
it looks like I need to specify the mapping user name in the command, for instance, if my credential is xxx, I want to login as user company_com_xxx, I have to run command like

/psql -d dbname -h postgresql.server.name -U company_com_xxx

but why I need to specify the mapping user name company_com_xxx in command line? 
does anyone have same issue? thanks



Yes, that is working as intended. You always have to tell postgres which user you want to log in with, pg_ident only allows you to authenticate with a different name, you still have to tell the system which one you want.

You can also put the username in the PGUSER environment variable if it's something you want to deploy across many users.


--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

pgsql-admin by date:

Previous
From: xujian
Date:
Subject: Re: Postgresql gss user map doesn't work
Next
From: koff10
Date:
Subject: Tuning on server with both running oracle and postgreSQL database