On Tue, Dec 31, 2024 at 5:17 PM Nick <lis...@ageofdream.com> wrote:
> > ``` > local all all peer map=ansible_map > ``` > > > In `pg_ident.conf`, add: > > ``` > ansible_map ansible postgres > ansible_map postgres postgres > > ``` > > > This seems to work, but is it secure? If USER is `all` in > `pg_hba.conf`, can any POSIX account login? > > The presence of the mapping file reference makes the entry secure in the sense that only those connection combinations that are explicitly permitted can happen. The "all" is automatically restricted to those accounts listed in the file. At worst you might get an unwanted failure if, say, you wanted some other account "alice" to be able to connect to the cluster using the role "alice". The "all" would match and use the mapping that doesn't include "alice". David J.
