Robert Treat wrote:
> On Fri, 2003-10-17 at 07:23, Bruce Momjian wrote:
> > Neil Conway wrote:
> > > On Thu, 2003-10-16 at 12:54, Josh Berkus wrote:
> > > > While one could write a utility in Postgres to create/process the file, the
> > > > "live" version of pg_hba.conf *must* be outside the database. If our ACL
> > > > was in the database, then how would we know who has the rights to read the
> > > > ACL?
> > >
> > > I don't see why this is a show-stopping problem. Can you elaborate?
> >
> > We don't want to fire up a backend until we know this is a valid user.
> > You could easily bring a server to a standstill by just sending false
> > connection requests. Sure, you can still do that by flooding the
> > machine, but a database lookup is significantly more expensive than
> > checking a connection packet.
>
> <devils advocate>
> why not hav a guc available in postgresql.conf that switches
> authentication from a pg_hba.conf file to a pg_hba table inside the
> database? this would allow people to choose a database based
> authentication scheme if their willing to shoulder the "risks" involved,
> and would prevent database lockout since you could always flip the guc
> and restart the database to authenticate against the file to allow
> admins back into the system
> </devils advocate>
I guess we could do it, but more easily we could dump a table to the
output file pg_hba.conf just like we do for pg_pwd and pg_group now.
It could be a global table like pg_shadow and pg_group. Of course, you
have the problem of getting the database started to modify the table.
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
