I'm finalizing the setup to be used to host customer DBs for a domain
hosting service, and I'd like to make sure I've got the access controls
straight:
In pg_hba.conf, I've seen and managed to figure out *most* of how access
to the various DBs can be controlled. I'll be using the "password"
authentication, most likely with either sameuser or all:
-> db of "sameuser" *REQUIRES* that the connecting user have the same
name as the database they're trying to connect to - for ANYONE
using this access method
-> db of "all" lets the access control slip down a level to whether a
user has provided the proper password.
Is there any way to simply specify a list of users for each db? I
haven't been able to figure out if that's possible or not with
"password" authentication. (ident is useless; all DB access except
limited administrative control on my part will be via PHP across the
local UNIX socket- and ident will return "apache" if it returns anything
useful at all.)
Platform (at least initially) will be RedHat7.0/Postgres7.0; but it
will be moving to RH7.3/Postgres7.2 "Real Soon Now". (ie, as soon as
the new server is put together.)
-kgd
--
Money is overrated.
