Thread: pg_ident.conf not working?
I've noticed a difference in postgresql 8.3 and 9.0.1 that I suspect is a bug. pg_ident.conf isn't working the way it used to. I have a website set-up with apache running as using user "www-data". As I remember it, I found that it was difficult to set-up a postgres user name with a hyphen in it, so I fell back on creating a "www" postgres account, and I used the mapping: pg_ident.conf: # MAPNAME SYSTEM-USERNAME PG-USERNAME apache www-data www That used to work with postgres 8.3 (running on the same box as apache, of course), now with postgres 9.0.1 I can't get things like this to work: pg_hba.conf # TYPE DATABASE USER CIDR-ADDRESS METHOD local my_dbname www ident The log shows the error message: LOG: provided user name (www) and authenticated user name (www-data) do not match FATAL: Ident authentication failed for user "www" I can "fix" this by changing "ident" to "trust", but I'd rather restrict access to just the apache user. (Hm... maybe I need to try "ident map=apache"?)
Joe Brenner <doom@kzsu.stanford.edu> wrote: > I've noticed a difference in postgresql 8.3 and 9.0.1 that I suspect > is a bug. pg_ident.conf isn't working the way it used to. > > I have a website set-up with apache running as using user > "www-data". As I remember it, I found that it was difficult to > set-up a postgres user name with a hyphen in it, so I fell back > on creating a "www" postgres account, and I used the mapping: > > pg_ident.conf: > > # MAPNAME SYSTEM-USERNAME PG-USERNAME > apache www-data www > > That used to work with postgres 8.3 (running on the same > box as apache, of course), now with postgres 9.0.1 I can't > get things like this to work: > > pg_hba.conf > > # TYPE DATABASE USER CIDR-ADDRESS METHOD > local my_dbname www ident > > The log shows the error message: > > LOG: provided user name (www) and authenticated user name (www-data) do not match > FATAL: Ident authentication failed for user "www" > > I can "fix" this by changing "ident" to "trust", but I'd > rather restrict access to just the apache user. > > (Hm... maybe I need to try "ident map=apache"?) Yes, it turns out that if I use the "map" option to explicitly tell it which line of pg_ident.conf I want it to use, I can get it to work. I stumbled across that here: http://www.builderau.com.au/program/mysql/soa/Why-PostgreSQL-is-a-better-enterprise-database-than-MySQL/0,339028784,339300964,00.htm Though I see it is indeed explained where it should be, I just kept skimming past it: http://developer.postgresql.org/pgdocs/postgres/auth-username-maps.html More code examples would help...
Joe Brenner skrev 2010-10-16 22.49: > Joe Brenner<doom@kzsu.stanford.edu> wrote: > I've noticed a difference in postgresql 8.3 and 9.0.1 that I suspect > is a bug. pg_ident.conf isn't working the way it used to. 8< -- snip --- > > Though I see it is indeed explained where it should be, I just kept > skimming past it: > > http://developer.postgresql.org/pgdocs/postgres/auth-username-maps.html That is the docs for the version being developed (currently 9.1). You probably wanted http://www.postgresql.org/docs/9.0/static/auth-username-maps.html Don't think there's much difference in this case but I thought I'd point it out just in case. Regards, Robert "roppert" Gravsjö > > More code examples would help... > >