Home > mailing lists

Re: Initial Postgres admin account setup using Ansible? - Mailing list pgsql-general

From	David G. Johnston
Subject	Re: Initial Postgres admin account setup using Ansible?
Date	January 1 06:32:58
Msg-id	CAKFQuwbW_M6Bd5pncjrWRHzpWw1pUr093MAge53zRpayL02LdA@mail.gmail.com Whole thread Raw
In response to	Re: Initial Postgres admin account setup using Ansible? (Nick <lists2@ageofdream.com>)
List	pgsql-general

Tree view

On Tue, Dec 31, 2024 at 5:17 PM Nick <lists2@ageofdream.com> wrote:

```
local all all peer map=ansible_map
```

In `pg_ident.conf`, add:

```
ansible_map ansible postgres
ansible_map postgres postgres

```

This seems to work, but is it secure? If USER is `all` in
`pg_hba.conf`, can any POSIX account login?

The presence of the mapping file reference makes the entry secure in the sense that only those connection combinations that are explicitly permitted can happen. The "all" is automatically restricted to those accounts listed in the file. At worst you might get an unwanted failure if, say, you wanted some other account "alice" to be able to connect to the cluster using the role "alice". The "all" would match and use the mapping that doesn't include "alice".

David J.

pgsql-general by date:

From: Nick
Date: 01 January, 06:17:07
Subject: Re: Initial Postgres admin account setup using Ansible?

From: Jan Behrens
Date: 01 January, 23:55:04
Subject: Re: search_path for PL/pgSQL functions partially cached?

Re: Initial Postgres admin account setup using Ansible? - Mailing list pgsql-general

Previous

Next