When using certificate authentication, as described in the previous recipe, or any other external or single sign-on system authentication method from http://www.postgresql.org/docs/9.4/static/auth-methods.html (GSSAPI, SSPI, Kerberos, Radius, or PAM), you often have different usernames in the external system and your database. Or, you may just need to enable some externally authenticated user to connect as multiple database users.
Prepare a list of usernames from the external authentication system and decide which database users they are allowed to connect as—that is, which external users map to which database users.
Create a pg_ident.conf
file in the usual place (PGDATA
), with lines in the following format:
map-name system-username database-username
Here, map-name
is the value of the map
option from the corresponding line in pg_hba.conf
, system-username
is the username that the external system authenticated the connection...