Ross J. Reedstrom wrote:
> On Thu, Mar 21, 2002 at 11:38:05AM -0500, Bruce Momjian wrote:
> >
> > I am handling it like pg_shadow. The problem is that because I expand
> > pg_group inside the pg_hba tokens, I have to retokenize pg_hba.conf too
> > after pg_group changes. I assumed we didn't want pg_hba.conf
> > retokenized on a password change and only on a pg_ctl reload.
> >
> > My new code has a separate pg_group token list which is not expanded
> > into the pg_hba.conf token list and is traversed for every connection.
>
> Hmm, your trading performance on every connection for less work on the
> rare event of a password change? What's wrong with reparsing pg_hba.conf
> at password/group change? Streamline the common case, don't optimize for
> the rare condition.
Yes, that was the issue. We tell people pg_hba.conf only gets reloaded
when they tell the postmaster to do it. We can't have it happening at
random times, e.g. password change. My new coding will need to only
spin through a list of group names, not the list of users in each group.
That's why the new format for global/pg_group should make things ok for
doing this at connection time.
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill,
Pennsylvania19026
