On Fri, Oct 04, 2002 at 05:05:26PM +0900, Harry Ohlsen wrote:
> On Fri, 4 Oct 2002 11:47, Pe?a, Botp wrote:
> > Hi Harry,
> >
> > if it's not too much to ask. How/what did you fix?
> > it might help me someday, too.
> 
> Alan explained that in order for a user other than the owner of a particular 
> database to access it, one needs to do some setup in two files: pg_hba.conf 
> and pg_ident.conf.
> 
> In my case, I wanted the user "apache" to be able to access the database 
> "harryo" (which is owned by harryo).  In pg_hba.conf, I added
> 
>    local harryo ident mymap
> 
> As far as I understand it, this means that when anyone tries to access 
> database "harryo" locally (ie, on this host), use the authentication defined 
> in pg_ident.conf as "mymap".
> 
> In pg_ident.conf, I added
> 
>    mymap apache harryo
>    mymap harryo  harryo
> 
> I believe what this says is, if either "apache" or "harryo" attempts to access 
> anything specified as mapping to "mymap" (in this case, just the database 
> "harryo" as defined by the previous change in pg_hba.conf), authenticate them 
> as though they were "harryo".
> 
> I'm not sure why this is necessary, since I had apache connecting to the 
> database as "harryo", anyway, but it works fine.  I'll worry about 
> understanding it later ... maybe :-).
> 
> Harry O.

Just so everybody knows, this is just one way to setup the posgres authentication.
Depending on your objectives, there are many other variations, particularly if you
need to make the database visible to direct connections from other machines.

-- 
Alan Chen
Digikata LLC
http://digikata.com