This key word is used in the pg_hba.conf file for users who have an ident map defined. An ident map is a record that identifies the operating system users with their corresponding PostgreSQL database user names. The ident map is defined in the pg_ident.conf file. This file is located beneath the same directory path as the pg_hba.conf file, which is the $PGDATA directory (/usr/local/pgsql/data/).
Users with an ident map defined can connect to the database server via TCP/IP as another database user name. Usually, the system user name is used to connect to PostgreSQL. Some rules you should keep in mind when defining and using an ident map are:
The pg_ident.conf file can contain multiple ident maps.
The pg_hba.conf file determines the types of connections that relate to users in this file.
Each ident map is defined by a one line record.
A record to define an ident map consist of 3 tokens. The syntax to define an ident map in the pg_ident.conf file is:
map ident_username Postgres_username
These tokens are defined as:
the name used in the pg_hba.conf file to refer to ident user map.
this is usually the name of the system user connecting into the database.
the database user name equivalent to the ident user name.
Using the booktown database, there are employees william and julene. Julene can have access to the julene user and julie user on the booktown database. The next records defines for the system user name wjulene two other database user names for her to log onto. While the system user hwill can only connect using the william database user name.
#MAP IDENT POSTGRES_USERNAME #---------------------------------------------------- sales hwill william temp wjulene julene temp wjulene julie
For this to work requires adding a record into the pg_hba.conf file for each ident map. For example, the following records could be added to the pg_hba.conf file to correspond with the users you defined ident map for:
host all 22.214.171.124 255.255.255.255 ident sales host template1 126.96.36.199 255.255.255.255 ident temp
The first record defined allows system user hwill to connect to all databases as the PostgreSQL user william. The second record defines system user wjulene to only have access to the template1 database, but she can connect as either the julene or julie PostgreSQL user.
|Mapping to Several Users|
It is possible for an operating system user to map to multiple PostgreSQL user names. This can be seen with the previous example. A user can specify the user name to log in as when prompted during connection.
If you are planning to have one-to-one correspondence between system user names and PostgreSQL user names, then you do not need to use the pg_ident.conf file. Instead, you can use the special map name "sameuser" in the pg_hba.conf file. Again, using our previous example, we can specify all of those on the same network (the TCP/IP address will depend on your network structure) to have permissions to connect with the same PostgreSQL database name as their system user name:
host all 188.8.131.52 255.255.255.255 ident sameuser
To add a single line comment into this file, use the hash mark (#).
Help us make a better book, leave feedback. (http://www.opendocspublishing.com/entry.lxp?lxpe=92)