Re: [GENERAL] pg_ident mapping Kerberos Usernames

Поиск
Список
Период
Сортировка
От Jeff Janes
Тема Re: [GENERAL] pg_ident mapping Kerberos Usernames
Дата
Msg-id CAMkU=1x87crLJDUs0_dNyu4G+P040v8CN1fY8k1LL+EmQU9TkQ@mail.gmail.com
обсуждение исходный текст
Ответ на Re: [GENERAL] pg_ident mapping Kerberos Usernames  (techmail+pgsql@dangertoaster.com)
Список pgsql-general
Дерево обсуждения
On Sun, Sep 10, 2017 at 4:31 PM, <techmail+pgsql@dangertoaster.com> wrote:

GSSAPI is the authentication mechanism of choice, and it's working fine.

Here is what I'm trying to accomplish.

'user1' == 'user1' and 'user1@A.DOMAIN.TLD' == 'user1'.

From reading the docs, this is done via the pg_ident.conf file, and from reading the logs, there is a problem with my map.

Hmm... Interesting thought.
*testing*
It sort of works. Setting the maps below maps the users straight across. 'user1' == 'user1' and 'user1@A.DOMAIN.TLD' == 'user1@A.DOMAIN.TLD', so it's partially working.

pg_indent.conf:
testnet /^([0-9A-Za-z_-]+)@A\.DOMAIN\.TLD$ \1
 testnet /^([0-9A-Za-z_-]+)@A\.DOMAIN\.TLD$ \1@A.DOMAIN.TLD

I think you want this:

testnet        /(.*)                                                               \1
testnet        /^([0-9A-Za-z_-]+)@A\.DOMAIN\.TLD$       \1
testnet       /^([0-9A-Za-z_-]+)                                         \1@A.DOMAIN.TLD


But since your pg_hba has include_realm=1, I don't know how you are getting the realmless "system user" names in the first place, so the last line really shouldn't be necessary.

Cheers,

Jeff

В списке pgsql-general по дате отправления:

Предыдущее
От: Scott Marlowe
Дата:
Сообщение: [GENERAL] contrecord is requested
Следующее
От: Michael Paquier
Дата:
Сообщение: Re: [GENERAL] contrecord is requested