Folks,
Jeremy handed me an interesting feature proposal at last night's SFPUG
meeting.
PG authentication methods ought to have drop-downs to other authentication
methods, in the same manner as SSH and PAM.
The idea would be this, if you had the following in your pg_hba.conf:
somedb jeremy 23.165.22.198 255.255.255.255 kerberos
somedb jeremy 23.165.22.198 255.255.255.255 md5
Then, when jeremy tries to connect to somedb from 23.165.22.198, the system
would first try kerberos authentication, and if that fails offer an md5
password login. Only when the system ran out of applicable lines in
pg_hba.conf would the user be rejected.
Any reason why this is a bad idea? It would improve the lives of a lot of
kerberos and SSL users who have to deal with flaky authentication issues.
--
-Josh BerkusAglio Database SolutionsSan Francisco
