[lug] PostgresSQL user mapping question
Bear Giles
bgiles at coyotesong.com
Sat Sep 28 16:46:38 MDT 2002
Glenn Murray wrote:
>
> When folks download and run ocw they need to create and populate a
> PostgreSQL database. I thought the best way to do this is to have a
> PostgreSQL user ocw which they would create as user postgres using
> createuser. Is there a better way? Right now the only way I can make
> this work is to have each downloader create a PostgreSQL with his or
> her own user name and have them edit a properties file from which ocw
> can pick up that name.
PostgreSQL can authenticate users in numerous ways - based on identd
information, PAM, an explicit listing of users, etc. Even more are
coming, e.g., I've been working on supporting client certificates and
mapping them to PostgreSQL users. (Easy in concept, not so easy when
some core developers still don't understand why SSH tunnels aren't all
you would ever need.) Identd is about the last method I would use...
except for local users connected via the Unix socket where the kernel
can provide the information. (This is actually a feature of Unix
sockets, not identd, but the same logic applies otherwise.)
Anyway, you would probably want to use either an explicit mapping and
each users passes the information as they set up the connection. I
think the clients can all accept -U <user> and -P options to specify
the user and password, JDBC has hooks to specify user and password,
it can be encoded into the database, etc.
More information about the LUG
mailing list