Re: Password sub-process ... - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Password sub-process ...
Date
Msg-id 3893.1028046283@sss.pgh.pa.us
Whole thread Raw
In response to Re: Password sub-process ...  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-hackers
Bruce Momjian <pgman@candle.pha.pa.us> writes:
> OK, I have one idea.  Right now the file format for usernames can be:

But this is just reimplementing the original functionality, which was
quite broken IMHO.  The setup Marc is describing doesn't really have
users per-database, it's only faking it.  And what if he wants to use
some non-password-based auth method, like IDENT?

I am wondering if we could have a configure-time or install-time
option to make pg_shadow (and pg_group I guess) be database-local
instead of installation-wide.  I am not sure about the implications
of this --- in particular, is the notion of a database owner still
meaningful?  How could the postmaster cope with it (I'd guess we'd
need multiple flat files, one per DB, for the postmaster to read)?

If we're going to do work to support this concept, then let's really
support it.
        regards, tom lane


pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: Password sub-process ...
Next
From: "Marc G. Fournier"
Date:
Subject: Re: Virus Emails