Victor Danilchenko wrote:
        Hi,

        I am trying to set up a database server with multiple DB
clusters, so that in each cluster a number of users have their own
database each, with passwordless access (we can trust the network
security in our installation). The following is what seems like it
*should* work:

host    all             all     127.0.0.1       255.255.255.255 password
host    sameuser        all     xxx.xxx.xxx.0   255.255.255.128 ident sameuser
host    all             @fac    xxx.xxx.xxx.0   255.255.255.128 trust

        The second line ("host sameuser") is the problem. It doesn't
work -- when trying to connect, I keep getting error messages:

$ whoami
testuser
$ psql -h db-edlab -p 7666 testuser testuser
psql: FATAL:  IDENT authentication failed for user "testuser"

        If I replace 'ident sameuser' with 'trust' there, it works fine
-- but then any user can access anyone else's database, providing they
request the same password.

You need to read the manual to understand what same user does/does not.



The idea is that each user should be able to access only their database, only as themselves, without password -- but I can't figure out what I am doing wrong. Any help? If what I am trying to do is impossible, is there any other way to achieve such a goal -- i.e. passwordless access that allows each user to access only their own database over the network?


Have not had the need for this, but I guess that the SQL commands GRANT and/or REVOKE can be of help; look in the manual.





BTW, as long as I am writing, a somewhat related question, which is not nearly as important as the previous one.

        I launch multiple postmaster processes, each servicing a
dedicated DB cluster on a dedicated port. The problem is that I only
ever see *one* local UNIX socket (/tmp/.s.PGSQL.<portnumber>) file.
There is a .lock file created corresponding to each server/port combo,
but it looks like each subsequent instance of the postmaster kills the
previous instance's UNIX socket. Is this how it should be -- and if so,
are there any pg_ctl options I can pass in to make it simply not create
the UNIX sockets altogether, so that only network operations are
supported? At the moment, I am doing admin access through the loopback
device, so it's not a big issue.
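
Added example, not part of the original thread: a small Python model of how the three pg_hba.conf records posted above are matched (only the first matching record is used) and of the difference between `trust` and `ident sameuser` on the "host sameuser" line. The 192.0.2.0/25 network, the user names and the contents of the fac file are constructed assumptions standing in for the elided values.

```python
import ipaddress

# Constructed stand-in for the elided xxx.xxx.xxx.0 / 255.255.255.128 network.
LAN = "192.0.2.0/25"

def rules(sameuser_method):
    """The three posted records: (database, user, client network, method)."""
    return [
        ("all", "all", "127.0.0.1/32", "password"),
        ("sameuser", "all", LAN, sameuser_method),
        ("all", "@fac", LAN, "trust"),
    ]

def first_match(records, db, user, addr, fac=()):
    """Return the method of the first record matching the request, else None."""
    ip = ipaddress.ip_address(addr)
    for rec_db, rec_user, net, method in records:
        if ip not in ipaddress.ip_network(net):
            continue
        if rec_db == "sameuser" and db != user:
            continue  # database name must equal the requested user name
        if rec_user == "@fac" and user not in fac:
            continue  # user must be listed in the fac file (contents assumed)
        return method  # only the first match is used, no fall-through
    return None

def allowed(records, db, user, addr, os_user, fac=()):
    """os_user: name the client's ident server reports, None if it gives no answer."""
    method = first_match(records, db, user, addr, fac)
    if method == "trust":
        return True  # requested user name is accepted with no check at all
    if method == "ident sameuser":
        return os_user is not None and os_user == user
    return False  # no matching record, or password (none supplied in this model)

if __name__ == "__main__":
    for m in ("trust", "ident sameuser"):
        # mallory, logged in on the LAN, asks for user alice and database alice
        print(m, allowed(rules(m), "alice", "alice", "192.0.2.10", "mallory"))
```

The "sameuser" database column only compares the requested database name with the requested user name; it is the authentication method on that record that decides whether the client is really that user.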

