On Thu, 2002-08-01 at 16:17, Tom Lane wrote:
> Hannu Krosing <hannu@tm.ee> writes:
> > This name mangling should be done at connect time and kept out of
> > database, where each users name should always be fully resolved
> > (bob@accounting.acme.com).
>
> I really like Hannu's approach to this. It seems to solve Marc's
> problem with a very simple, easily understood, easily implemented
> feature. All we need is a postmaster configuration parameter that
> (when TRUE) causes the postmaster to convert the passed username
> into 'username@databasename' before looking it up in pg_shadow.
>
> (Actually, what I'd prefer it do is try first for username, and
> then username@databasename if plain username isn't found.)
This should not really be @databasename, but rather a @domainname as
Mark does in fact want to use the same user from some virtual host
(==domain) for more than one database sometimes.
Using databasename as a domainname is just the quickest way to resolve
the domainname if no more info about it is given.
Thinking of the @xxx part as a domainname and not tying it to
databasename would be beneficial in case we later want to use other
kinds of domains (like NT, DNS/mail, YP or Kerberos domains for example)
If need arises we could later split out the @xxx part to "usedomain"
field and perhaps also add "usedomainkind" field in order to manage that
info in databse instead of pg_hba.conf.
-----------------
Hannu
