While pg_hba.conf has supported the "all" keyword since a very long time, pg_ident.conf doesn't have this same functionality. This changes permission checking in pg_ident.conf to handle "all" differently from any other value in the database-username column. If "all" is specified and the system-user matches the identifier, then the user is allowed to authenticate no matter what user it tries to authenticate as.
This change makes it much easier to have a certain database administrator peer or cert authentication, that allows connecting as any user. Without this change you would need to add a line to pg_ident.conf for every user that is in the database. In some small sense this is a breaking change if anyone is using "all" as a user currently and has pg_ident.conf rules for it. This seems unlikely, since "all" was already handled specially in pg_hb.conf. Also it can easily be worked around by quoting the all token in pg_ident.conf. As long as this is called out in the release notes it seems okay to me. However, if others disagree there would be the option of changing the token to "pg_all". Since any pg_ prefixed users are reserved by postgres there can be no user. For now I used "all" though to stay consistent with pg_hba.conf.
v1-0001-Support-using-all-for-the-db-user-in-pg_ident.con.patch
Description: v1-0001-Support-using-all-for-the-db-user-in-pg_ident.con.patch
