Re: I can't seem to put the right combination of magic into the pg_hba and pg_ident files.

Tim Uckun wrote:

> I am very confused about something though. Not one person here has
> said anything about how pg_ident works or what I did wrong. Is
> pg_ident deprecated? Is there no way to accomplish this with pg_ident?

I just tried with 8.4.1. Started with the default configuration, created
data/pg_ident.conf with:
pg_map root postgres
pg_map postgres postgres

Replaced in pg_hba.conf:
< local all all trust
by
> local all all ident map=pg_map

Restarted the server, and then:
$ su -
# /usr/local/pg84/bin/psql -U postgres
psql (8.4.1)
Type "help" for help.

postgres=#

... it appears to works.

Now if I remove that line in data/pg_ident.conf:
pg_map root postgres
and reload the server and retry, I get the expected rejection:
psql: FATAL: Ident authentication failed for user "postgres"
and in the server logs:
LOG: no match in usermap for user "postgres" authenticated as "root"
CONTEXT: usermap "pg_map"
FATAL: Ident authentication failed for user "postgres"

That's on ubuntu 9.04, with postgres compiled from source.

> Why has everybody suggested either I don't do what I want/need to do
> or that I should do it via the su mechanism?

On unix systems, it's a standard recommendation not to run anything as root
when it's possible to do otherwise, so we just apply this to psql I guess.

Best regards,
--
Daniel
PostgreSQL-powered mail user agent and storage: http://www.manitou-mail.org