Hi all,
suppose that I want to allow one user local access to
template1 under the database account postgres (which is the
superuser for my PostgreSQL). pg_hba.conf contains this:
local all postgres ident sameuser
I would then set up pg_ident.conf like this:
postgres-alikes ncq postgres
where ncq is the user that is to gain access to template1. I
then modify pg_hba.conf like so:
local template1 postgres ident postgres-alikes
local all postgres postgres
Now, ncq can connect nicely connect to template1 under the
name postgres. However, I have disable access for the real
(system) account postgres to template1 ! The solution is to
add to pg_ident.conf this line
postgres-alikes postgres postgres
While technically correct (the docs say there is not
fallback mechanism for authentications) this does not feel
intuitive. Is there any particular reason (apart from the
fact that I am not including a patch) that the following
syntax is not supported ?
local template1 postgres ident sameuser,postgres-alikes
that is to allow a *list* of map-names for ident. That would
nicely solve the problem.
Thanks for enlightenment !
Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346