Configuring IDENT authentication on Linux v41

By default, the pg_hba.conf file for the RPM installer enforces IDENT authentication. Before invoking EDB*Plus, you must either:

  • Modify the pg_hba.conf file, changing the authentication method to a form other than IDENT (and restarting the server.
  • Ensure that an IDENT server is accessible.

To ensure an IDENT server is accessible, you must confirm that an identd server is installed and running. You can use the yum package manager to install an identd server.

  • On RHEL or CentOS 7:

    yum -y install xinetd authd
  • On RHEL/Rocky Linux/AlmaLinux 8:

    dnf -y install xinetd authd

The command creates a file named /etc/xinetd.d/auth that contains:

service auth
{
     disable = yes
     socket_type = stream
wait =no
user = ident
cps = 4096 10
instances = UNLIMITED
server = /usr/sbin/in.authd server_args = -t60 --xerror –os
}
Note

If the file includes a -E argument at the end of the server arguments, delete -E.

To start the identd server:

systemctl enable xinetd
systemctl start xinetd

Open the pg_ident.conf file and create a user mapping:

# map_name    system_username     postgres_username
  edbas         enterprisedb        enterprisedb

Where:

  • The name specified in the map_name column is a name you define to identify the mapping in the pg_hba.conf file.
  • The name specified in the system_username column is enterprisedb.
  • The name specified in the postgres_username column is enterprisedb.

Then, open the pg_hba.conf file and modify the IDENT entries:

  • If you're using an IPv4 local connection, modify the file entry to read:

    host all all 127.0.0.0/0 ident map=edbas

  • If you're using an IPv6 local connection, modify the file entry to read:

    host all all ::1/128 ident map=edbas

You must restart the EDB Postgres Advanced Server service before invoking EDB*Plus. For detailed information about EDB Postgres Advanced Server, see the EDB Postgres Advanced Server documentation.