This key word is used in the pg_hba.conf file for users who have an ident map defined. An ident map is a record that identifies the operating system users with their corresponding PostgreSQL database user names. The ident map is defined in the pg_ident.conf file. This file is located beneath the same directory path as the pg_hba.conf file, which is the $PGDATA directory (/usr/local/pgsql/data/).

Users with an ident map defined can connect to the database server via TCP/IP as another database user name. Usually, the system user name is used to connect to PostgreSQL. Some rules you should keep in mind when defining and using an ident map are:

  • The pg_ident.conf file can contain multiple ident maps.

  • The pg_hba.conf file determines the types of connections that relate to users in this file.

  • Each ident map is defined by a one line record.

A record to define an ident map consist of 3 tokens. The syntax to define an ident map in the pg_ident.conf file is:

map ident_username Postgres_username

These tokens are defined as:

map name

the name used in the pg_hba.conf file to refer to ident user map.

ident username

this is usually the name of the system user connecting into the database.

Postgres username

the database user name equivalent to the ident user name.

Using the booktown database, there are employees william and julene. Julene can have access to the julene user and julie user on the booktown database. The next records defines for the system user name wjulene two other database user names for her to log onto. While the system user hwill can only connect using the william database user name.

        #MAP   IDENT        POSTGRES_USERNAME 
        #----------------------------------------------------
        sales  hwill        william 
        temp   wjulene      julene 
        temp   wjulene      julie

        

For this to work requires adding a record into the pg_hba.conf file for each ident map. For example, the following records could be added to the pg_hba.conf file to correspond with the users you defined ident map for:

        host   all         183.190.35.1    255.255.255.255    ident    sales 
        host   template1   183.190.53.0    255.255.255.255    ident    temp

        

The first record defined allows system user hwill to connect to all databases as the PostgreSQL user william. The second record defines system user wjulene to only have access to the template1 database, but she can connect as either the julene or julie PostgreSQL user.

Note Mapping to Several Users
 

It is possible for an operating system user to map to multiple PostgreSQL user names. This can be seen with the previous example. A user can specify the user name to log in as when prompted during connection.

If you are planning to have one-to-one correspondence between system user names and PostgreSQL user names, then you do not need to use the pg_ident.conf file. Instead, you can use the special map name "sameuser" in the pg_hba.conf file. Again, using our previous example, we can specify all of those on the same network (the TCP/IP address will depend on your network structure) to have permissions to connect with the same PostgreSQL database name as their system user name:

        host   all         183.190.0.0    255.255.255.255     ident     sameuser
        

Note Commenting
 

To add a single line comment into this file, use the hash mark (#).

Help us make a better book, leave feedback. (http://www.opendocspublishing.com/entry.lxp?lxpe=92)