Обсуждение: IDENT authentication with md5 fallback
Hello,
I was wondering if there is a way I can set up my pg_hba.conf to allow "ident sameuser" authentication, but fall back to "md5" if it fails. I would like users to be able to login to their databases (which correspond to their usernames and ident responses), however when they need to use PHP to login, they must enter a password because the ident response will be different (always "apache" I would assume).
I have tried the following pg_hba.conf configurations, but I cannot seem to get this right.
This results in only allowing users to login after entering the correct password:
local sameuser all md5
local sameuser all ident sameuser
This results in ident checking and returning FATAL without asking for a password if it fails:
local sameuser all ident sameuser
local sameuser all md5
So, how would I configure pg_hba.conf to work like this? Is it possible, or should I only allow md5 and not worry about ident? Please let me know.
I was wondering if there is a way I can set up my pg_hba.conf to allow "ident sameuser" authentication, but fall back to "md5" if it fails. I would like users to be able to login to their databases (which correspond to their usernames and ident responses), however when they need to use PHP to login, they must enter a password because the ident response will be different (always "apache" I would assume).
I have tried the following pg_hba.conf configurations, but I cannot seem to get this right.
This results in only allowing users to login after entering the correct password:
local sameuser all md5
local sameuser all ident sameuser
This results in ident checking and returning FATAL without asking for a password if it fails:
local sameuser all ident sameuser
local sameuser all md5
So, how would I configure pg_hba.conf to work like this? Is it possible, or should I only allow md5 and not worry about ident? Please let me know.
-- Dustin C. Hatch http://www.dchweb.com