* Alvaro Herrera (alvherre@2ndquadrant.com) wrote:
> Josh Berkus wrote:
>
> > As such, proposals are more likely to be successful if the proposer can
> > show how they apply to a general use case, or adapt them so that they
> > are useful to a large number of our users. This means that "this works
> > in our environment which has conditions X, Y, and Z" is not an effective
> > argument, unless you can follow it up with "... and here's the reason
> > why [large class of users] also has conditions X, Y and Z."
>
> The proposal here is to have a configure argument that disables
> arbitrary auth mechanisms. How is that specific to a particular
> environment?
For my 2c, I'm still a fan of the general idea.. I still view 'trust'
as appropriate only for development environments and I don't believe it
really solves any use-cases that having password-less accounts doesn't.
Removing it as an option simply removes a potential configuration
mistake. It's not going to protect you from a malicious administrator
who has root-level access any more than a CHECK constraint would stop a
malicious DBA.
Thanks!
Stephen
