Re: Kerberos principal to dbuser mapping

Daniel writes:

> way to solve this is to use a translation method from
> principal to database users, i. e. a table.
> As the number of users of the database grows, using a
> preprocessed flat file to manage this becomes more and
> more of a problem. At that point one usually begins to
> look for the functionality of a database, and one is
> certainly close at hand :).

The server cannot access the database before you're authenticated to do
so, plus if the authentication setup is contained in the database and you
mess it up, how do you get back in?  These are the two reasons why the
information is kept in flat files.  One might come up with ways to edit
these files from within the SQL environment, which indeed is a frequently
requested feature, but for solving the problem at hand, namely the
Kerberos principal to PostgreSQL user mapping, use a flat file.  You can
probably use most of the ident.conf code.

-- 
Peter Eisentraut   peter_e@gmx.net