Re: setting up pg_ident for peer auth with unix groups - Mailing list pgsql-admin

From Holger Jakobs
Subject Re: setting up pg_ident for peer auth with unix groups
Date
Msg-id a27dc52b-9878-0a66-6c16-8bc8808fd70f@jakobs.com
In response to setting up pg_ident for peer auth with unix groups  (Geoff Winkless <pgsqladmin@geoff.dj>)
List pgsql-admin

Hi Geoff,

No, there is no such mechanism. The ident service (it's not safe as you probably know) only delivers the name of the user who has initiated the TCP connection to the PG server.

This will be matched to the PG user the connection is supposed to be established as. If they match, the respective line of pg_hba.conf might grant access.

pg_ident.conf can be used to match system usernames (of the client machine) to PG usernames.

The /etc/group file which technically could be accessed by PG processes resides on the server and thus could be very different from the one on the client machine. Plus, the system username used on the client machine may not even exist on the server, nor does the PG username have to exist as a system username on client or server.

Therefore, using Unix groups wouldn't make much sense.

Regards,

Holger

On 30.01.20 at 12:59, Geoff Winkless wrote:
Hi

Not sure if I'm missing something obvious but I can't see a way to set up pg_ident with unix groups in the username maps.

 
Is it possible or do I have to set up one entry for every user?

Ta

Geoff
--

Holger Jakobs, Bergisch Gladbach
instant messaging: xmpp:holger@jakobs.com
+49 178 9759012 or +49 2202 817157
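Added example, not part of the original messages: since the reply says pg_ident.conf maps individual system usernames and has no group mechanism, one way to keep per-user entries in step with a Unix group is to generate them. It assumes local (peer) connections, where the OS user is resolved on the server itself; the map name `grpmap`, group `dbusers`, role `app_role` and all sample file contents are constructed for illustration.

```python
import re

# Conservative pattern: names outside it are skipped, so nothing that needs quoting
# (whitespace, quotes, a leading "/" that pg_ident.conf reads as a regex) is emitted.
SAFE_NAME = re.compile(r"[a-z_][a-z0-9_-]*")

def group_members(group_text, passwd_text, group_name):
    """Return sorted users in group_name: supplementary members plus primary-GID users."""
    gid, members = None, set()
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == group_name:
            gid = fields[2]
            members.update(m for m in fields[3].split(",") if m)
    if gid is None:
        raise KeyError(f"group {group_name!r} not found")
    # Users whose primary group is this one are not listed in /etc/group.
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and fields[3] == gid:
            members.add(fields[0])
    return sorted(members)

def ident_map_lines(map_name, users, pg_role):
    """Build one 'map-name system-username database-username' line per safe user."""
    lines, skipped = [], []
    for user in users:
        if SAFE_NAME.fullmatch(user):
            lines.append(f"{map_name}\t{user}\t{pg_role}")
        else:
            skipped.append(user)  # report instead of writing an ambiguous entry
    return lines, skipped

# Constructed sample data in /etc/group and /etc/passwd format.
SAMPLE_GROUP = "dbusers:x:1500:alice,bob\nstaff:x:50:carol\n"
SAMPLE_PASSWD = (
    "alice:x:1001:1001::/home/alice:/bin/sh\n"
    "bob:x:1002:1002::/home/bob:/bin/sh\n"
    "dave:x:1003:1500::/home/dave:/bin/sh\n"
    "/odd name:x:1004:1500::/home/odd:/bin/sh\n"
)

if __name__ == "__main__":
    users = group_members(SAMPLE_GROUP, SAMPLE_PASSWD, "dbusers")
    lines, skipped = ident_map_lines("grpmap", users, "app_role")
    print("\n".join(lines))
    print("# skipped:", skipped)
```

The generated lines take effect only when a pg_hba.conf entry references the map with `map=grpmap`, and they have to be regenerated whenever group membership changes.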
