Am Dienstag, 21. Juli 2009 16:01:01 schrieben Sie: > Doing it on the client presents a certain challenge when it comes to > certificates for example - or really in any case where you need to map > the username to something else. It would be quite convenient to have > that ability controlled from the server side. We'd have to have some > way to communicate down that the username specified was the default > one and not a user-specified one (or we're back at overriding), but if > the actual mapping could be controlled server-side it would be a lot > more convenient.
I thought about doing it on the client side too, but server side mapping seemed to me more flexible. In fact one could do a client side mapping (without knowledge of the auth method), by greping the username of the external system out of the error text from the server and doing a second auth with it. Just I don't like this ugly hack. There was another mail, where I described the use of the mapping patch: http://archives.postgresql.org/pgsql-hackers/2009-06/msg01496.php Please have a look on it. One can give different mappings for combinations of internal and external username. This way you could easy use different roles within the database with differnent applications, although the external auth system gives the same username. The "dummy"-user of the first mail was not the best example. I'm not the expert with PGs internals. So if you have a better way to get an usermapping based on the external auth, I could do a bit of research in this area, because I need something like this. regards Lars Kanis
signature.asc
Description: This is a digitally signed message part.