* Andres Freund ([email protected]) wrote: > On 2014-02-14 11:03:19 -0500, Stephen Frost wrote: > > Also, all of the above ignores the pg_ident side of the house, which is > > even worse as you need an entry for every user, period, if you're using > > client-side SSL certificates or Kerberos/GSSAPI-based authentication > > with full princ names. > > Well, there's regexes for mappings, that can often enough take care of > most of that?
In some cases, yes, but certainly not all. Apologies for over-stating
the case, but I came from an environment where the Kerberos princs were
'm######', while the database users were all first-initial || last-name.
Also, the CN in an SSL certificate isn't likely to be what you want for
a username either, and a regexp isn't likely to help that either.
Thanks,
Stephen
signature.asc
Description: Digital signature
