Stephen Frost <sfrost@snowman.net> writes:
> * Robert Haas (robertmhaas@gmail.com) wrote:
>> Eh? Why would the presence of usernames in pg_hba.conf mean that they
>> have to be global objects?
> I havn't had a chance (yet) to look, but perhaps the current code
> attempts to validate the role before figuring out what database is being
> requested? We'd have to essentially invert that, of course, for this..
Even more to the point, what do you do when the "database" column is
"all", or a list of more than one database name?
It's possible that we could define this away by saying that only
globally known usernames can be listed in pg_hba.conf, but I think
we'll still have implementation problems with doing authentication
for per-database usernames.
regards, tom lane
