Re: Postgresql gss user map doesn't work

Поиск
Список
Период
Сортировка
От Magnus Hagander
Тема Re: Postgresql gss user map doesn't work
Дата
Msg-id CABUevEyLQLrrowMZRRpLTa=7cMvY+N7LEVGrOxUVvqdrcCcMYQ@mail.gmail.com
обсуждение исходный текст
Ответ на Re: Postgresql gss user map doesn't work  (xujian <jamesxu@outlook.com>)
Список pgsql-admin
Дерево обсуждения


On Wed, Jul 1, 2015 at 7:36 PM, xujian <jamesxu@outlook.com> wrote:
Since we need to add user name in the command, which is not we want, I removed the map in the pg_ident.conf file, and created role xxx@COMPANY.COM in postgresql

the pg_hba.conf looks like:
host    all     all    all    gss include_realm=1

in pg_ident.conf, I removed all items

in postgresql, I create role
create role "xxx@COMPANY.COM" login

I thought it would work, because my credential is xxx@COMPANY.COM, and there was user xxx@COMPANY.COM in postgresql, it should map the my credential to user xxx@COMPANY.COM.

however, when I login with kerberos, I got error  below on server side
LOG:  provided user name (xxx) and authenticated user name (xxx@COMPANY.COM) do not match
FATAL:  GSSAPI authentication failed for user "xxx"

Do anyone know why it doesn't work?  thanks



The PostgreSQL clients (psql in this case) will default to what you are logged into on the local machine with (the result of getpwuid()). This returns "xxx", so that's what PostgreSQL logs in with. It does not explicitly ask the gss system what credentials are there until a much later stage.

To do what you want, you need to create "xxx" in the database, and have a pg_ident mapping xxx@COMPANY.COM to xxx (using a regexp map probably).
 


--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

В списке pgsql-admin по дате отправления:

Предыдущее
От: Scott Marlowe
Дата:
Сообщение: Re: Tuning on server with both running oracle and postgreSQL database
Следующее
От: Bert
Дата:
Сообщение: Architecture setup for multiple dwh databases: multi master, master slave, ...