Re: Open 7.3 items - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Open 7.3 items
Date
Msg-id 200207312105.g6VL5ZN21031@candle.pha.pa.us
In response to Re: Open 7.3 items  ("Marc G. Fournier" <scrappy@hub.org>)
Responses Re: Open 7.3 items  ("Marc G. Fournier" <scrappy@hub.org>)
Re: Open 7.3 items  (nconway@klamath.dyndns.org (Neil Conway))
Re: Open 7.3 items  (Hannu Krosing <hannu@tm.ee>)
List pgsql-hackers
Marc G. Fournier wrote:
> On Wed, 31 Jul 2002, Neil Conway wrote:
> 
> > On Wed, Jul 31, 2002 at 02:01:43AM -0300, Marc G. Fournier wrote:
> > > add in 'fix pg_hba.conf / password issues' to that too :)
> >
> > I doubt that will make 7.3 -- the proposals I've seen on this topic
> > require some reasonably complex additions to the authentication
> > system. We also still need to hash out which design we're going
> > to implement. Given that it's pretty esoteric, I'd prefer this
> > wait for 7.4
> 
> Then, the current changes *should* be removed, as we have no idea how many
> sites out there we are going to break without that functionality ... I
> know I personally have 200+ servers that will all break as soon as I move
> to v7.3 with it as is :(

OK, I have thought about this.  First, a possible solution would be to
have a GUC variable that prepends the dbname to all username
specifications, so the username becomes dbname.username.  When you
CREATE USER "test", it actually does CREATE USER "dbname.test".  Same
with ALTER/DROP user and lookups in pg_hba.conf and authentication. 
Basically it gives us a per-db user namespace.  Only the superuser has a
non-db qualified name.  (Actually, createuser script would fail because
it connects only to template1.  You would have to use psql and CREATE
USER.  Probably other things would fail too.)

As for 7.3, maybe we can get that done in time if everyone likes it.  If
we can't, what do we do?  Do we re-add the secondary password file stuff
that most people don't like?   My big question is how many other
PostgreSQL users figured out they could use the secondary password file
for username/db restrictions?  I never thought of it myself.  Maybe I
should ask on general.

Marc, you do have a workaround for 7.3 using your IP's, right, or is
there a problem with the password having to be the same for different
hosts with the same username?  If Marc is the only one, and he has a
workaround, we may just go ahead and leave it for 7.4.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
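
The per-database user namespace proposed in the message above, as an added Python model that is not part of the original post and is not PostgreSQL code. The class, method and parameter names are hypothetical; the dot-joined stored name follows the message's dbname.username description, and the last check goes one step further by looking at names that already contain a dot.

```python
# Toy model of the proposal in this message; not PostgreSQL source code.
# Cluster, qualify, per_db_users and all sample names are hypothetical.

class Cluster:
    def __init__(self, per_db_users, superusers=("postgres",)):
        self.per_db_users = per_db_users   # stands in for the proposed GUC
        self.superusers = set(superusers)  # only these keep an unqualified name
        self.roles = {}                    # stored name -> password (toy store)

    def qualify(self, dbname, username):
        """Return the name that is actually stored and looked up."""
        if not self.per_db_users or username in self.superusers:
            return username
        return f"{dbname}.{username}"

    def create_user(self, dbname, username, password):
        """CREATE USER issued while connected to dbname."""
        stored = self.qualify(dbname, username)
        if stored in self.roles:
            raise ValueError(f"user {stored!r} already exists")
        self.roles[stored] = password
        return stored

    def authenticate(self, dbname, username, password):
        """Authentication lookup uses the same qualified name."""
        stored = self.qualify(dbname, username)
        return stored in self.roles and self.roles[stored] == password


def demo():
    c = Cluster(per_db_users=True)
    # Constructed sample data: the same short name in two databases.
    a = c.create_user("shop", "test", "pw-shop")
    b = c.create_user("wiki", "test", "pw-wiki")
    # shop's password must not work for the wiki account of the same name.
    cross = c.authenticate("wiki", "test", "pw-shop")
    # A createuser-style call that only ever connects to template1 creates
    # "template1.bob", which is not a usable account for database "shop".
    t = c.create_user("template1", "bob", "pw")
    bob_in_shop = c.authenticate("shop", "bob", "pw")
    # If database or user names may contain ".", two different
    # (dbname, username) pairs map to one stored name.
    collide = c.qualify("shop.eu", "bob") == c.qualify("shop", "eu.bob")
    return a, b, cross, t, bob_in_shop, collide


if __name__ == "__main__":
    print(demo())
```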
 

