Re: Open 7.3 items - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Open 7.3 items
Date
Msg-id 200208141932.g7EJWGu18201@candle.pha.pa.us
In response to Re: Open 7.3 items  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
Tom Lane wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > Problem is that pg_shadow flat file _only_ has users with passwords.  I
> > do a btree search of that file, but I am not sure I want to add a dump
> > of _all_ users just to allow this.  Do we?
> 
> Why not?  Doesn't seem like a big penalty ...

Well, in most cases pg_pwd doesn't even get created unless someone has a
password.  We would be creating that file in all cases, or at least in
all cases where db_user_namespace is set, and again, that is a SIGHUP
param, so you would need to make sure pg_pwd has the right contents if
it was enabled during a sighup.  Frankly, I would recommend a new file
that just contains user names and is always created.

We are basically heading down the road to complexity here.

In fact, pg_hba.conf is just a microcosm of how we are going to handle
pg_shadow matching.  If we create dave@db1, then when dave tries to
connect to db1, he comes in as dave@db1, but when he goes to connect to
db2, if there is a plain 'dave', he will connect as 'dave' to db2, if
possible.

If people are OK with that, then I can easily push the double-testing
down into the authentication system.  It merely means testing the new
pg_hba.conf USER column for two values, and pg_shadow for two values,
but I would test with @db first.

The double testing just seems strange to me because it splits the user
namespace into two parts, one with @ and one without, and conflicting
user parts in the two namespaces do interact when @db does not match.
That seems strange, but hey, if no one else thinks it is strange, it is
easy to code.  It is basically the same as testing pg_pwd, just doing it
later in the code.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
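
The lookup order discussed in the message above, as an added example that is not part of the original post or of PostgreSQL's source: it tries `user@db` first and falls back to the plain name, then counts the plain names that overlap with a qualified one. The `users` array, `resolve_user` and `count_overlapping_names` are hypothetical names, and the sample entries are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample user list; not the real pg_shadow or pg_pwd format. */
static const char *users[] = { "dave@db1", "dave", "erin@db2" };
static const int n_users = sizeof(users) / sizeof(users[0]);

static const char *find_user(const char *name)
{
    for (int i = 0; i < n_users; i++)
        if (strcmp(users[i], name) == 0)
            return users[i];
    return NULL;
}

/* Double test: try "user@db" first, then fall back to plain "user". */
const char *resolve_user(const char *user, const char *db)
{
    char qualified[128];
    int len = snprintf(qualified, sizeof(qualified), "%s@%s", user, db);
    if (len < 0 || (size_t) len >= sizeof(qualified))
        return NULL;   /* reject over-long names instead of matching a truncation */
    const char *hit = find_user(qualified);
    return hit ? hit : find_user(user);
}

/* Audit: count plain names that also appear as "name@db", the overlap case. */
int count_overlapping_names(void)
{
    int count = 0;
    for (int i = 0; i < n_users; i++) {
        if (strchr(users[i], '@'))
            continue;
        size_t plen = strlen(users[i]);
        for (int j = 0; j < n_users; j++)
            if (strncmp(users[j], users[i], plen) == 0 && users[j][plen] == '@') {
                count++;
                break;
            }
    }
    return count;
}

int main(void)
{
    const char *r = resolve_user("dave", "db2");
    printf("dave connecting to db2 resolves to: %s\n", r ? r : "(no match)");
    printf("overlapping names: %d\n", count_overlapping_names());
    return 0;
}
```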