Postgres Pro
Downloads
Home   >   mailing lists

Re: Open 7.3 items - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Open 7.3 items
Date
Msg-id 200208011723.g71HNHv07528@candle.pha.pa.us
Whole thread Raw
In response to Re: Open 7.3 items  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Open 7.3 items  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
Tree view 
Tom Lane wrote:
> Hannu Krosing <hannu@tm.ee> writes:
> > This name mangling should be done at connect time and kept out of
> > database, where each users name should always be fully resolved
> > (bob@accounting.acme.com). 
> 
> I really like Hannu's approach to this.  It seems to solve Marc's
> problem with a very simple, easily understood, easily implemented
> feature.  All we need is a postmaster configuration parameter that
> (when TRUE) causes the postmaster to convert the passed username
> into 'username@databasename' before looking it up in pg_shadow.

Yes, that is how the patch I submitted last night does it.

> (Actually, what I'd prefer it do is try first for username, and
> then username@databasename if plain username isn't found.)

Yes, that would be very easy to do _except_ for pg_hba.conf which does a
first-match for username.  We could get into trouble there by trying two
versions of the same name.  Comments?

> With this approach, we have an underlying mechanism that supports
> installation-wide usernames, same as before, but with the flip of
> a switch you can configure the system to support per-database
> usernames.  It's not fancy, maybe, but it will get the job done
> with an appropriate amount of effort.
> 
> We've had several proposals in this thread for complicated extensions
> to the user naming mechanism.  I think that's overdesigning the feature,
> because we have *no* examples of real-world need for such things except
> for Marc's situation.  Let's keep it simple until we see real use cases
> that can drive the design of something fancy.

Agreed.

> 
> > This may require raising the length of NAME type to be backwards
> > compatible.
> 
> Right, but we're planning to do that anyway.

Yes, but that requires a protocol change, which we don't want to do for
7.3.  My fix is to just extend the username on the server side and
append the dbname if the switch is on.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026

pgsql-hackers by date:

Previous
From: Thomas Lockhart
Date:
Subject: Re: Trimming the Fat: Getting code via CVSup ...
Next
From: Bruce Momjian
Date:
Subject: Re: Trimming the Fat, Part Deux ...