In response to Tom Lane <tgl@sss.pgh.pa.us>:
> Bill Moran <wmoran@collaborativefusion.com> writes:
> > In response to Tom Lane <tgl@sss.pgh.pa.us>:
> >> Yeah, but the postmaster can't read pg_authid, nor any other table,
> >> because it's not logically connected to the database. So any change
> >> to pg_authid gets copied to a "flat" ASCII-text file for the postmaster.
>
> > Would using kerberos or some other external auth mechanism work around this?
>
> Kerberos can't read the database directly either, so I'm not sure I see
> your point.
It's possible that I'm misunderstanding.
If there's a problem with having large numbers of users in Postgres because
the postmaster has to use a flat file to store them, can one circumvent the
issue by configuring Postgres to use kerberos for auth instead of its
internal mechanisms? Will this eliminate the need for the flat file?
--
Bill Moran
Collaborative Fusion Inc.