Re: rolcanlogin vs. the flat password file - Mailing list pgsql-hackers

From Michael Paesold
Subject Re: rolcanlogin vs. the flat password file
Msg-id 47130639.9000600@gmx.at
In response to Re: rolcanlogin vs. the flat password file  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers

Tom Lane wrote:
> With the attached patch to not drop nologin roles from the flat password
> file, it acts more sanely:
> 
> postgres=# create user foo nologin;
> CREATE ROLE
> postgres=# \c - foo
> Password for user "foo": 
> FATAL:  password authentication failed for user "foo"
> Previous connection kept
> postgres=# alter user foo password 'foo';
> ALTER ROLE
> postgres=# \c - foo
> Password for user "foo": << correct password entered here
> FATAL:  role "foo" is not permitted to log in
> Previous connection kept
> 
> Should we just do this, or is it worth working harder?

IMHO this is exactly what we want. It only offers more information when 
you have already got authentication right and therefore doesn't open an 
information leak.

Not sure about the warning when creating a role with a password but 
nologin. Could be useful.

Best Regards
Michael Paesold
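
The check ordering discussed in this message, as an added C example that is not part of the original post or of the PostgreSQL patch: the password is verified first, so the "not permitted to log in" result is reachable only with the correct password. The role table, function names and plaintext secrets are assumptions made for the illustration.

```c
#include <string.h>

/* Constructed role table standing in for the flat password file (hypothetical
 * names; plaintext secrets only to keep the demo short). */
struct role { const char *name; const char *password; int can_login; };
static const struct role roles[] = {
    { "alice", "s3cret", 1 },
    { "foo",   "foo",    0 },  /* NOLOGIN role that has a password */
    { "bar",   NULL,     0 },  /* NOLOGIN role with no password set */
};
enum auth_result { AUTH_OK, AUTH_FAILED, AUTH_NOT_PERMITTED };

static const struct role *find_role(const char *name) {
    for (size_t i = 0; i < sizeof roles / sizeof roles[0]; i++)
        if (strcmp(roles[i].name, name) == 0)
            return &roles[i];
    return NULL;
}

/* Compare secrets without stopping at the first mismatching byte. */
static int secret_equal(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b);
    unsigned diff = (la != lb);
    for (size_t i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Password first: unknown role, no password and wrong password all look the
 * same; only a caller who knows the password learns the role is NOLOGIN. */
enum auth_result authenticate(const char *user, const char *password) {
    const struct role *r = find_role(user);
    if (r == NULL || r->password == NULL || !secret_equal(r->password, password))
        return AUTH_FAILED;
    return r->can_login ? AUTH_OK : AUTH_NOT_PERMITTED;
}

/* Contrast (hypothetical ordering, not PostgreSQL behaviour): checking the
 * flag first discloses NOLOGIN status to a caller who has proven nothing. */
enum auth_result authenticate_flag_first(const char *user, const char *password) {
    const struct role *r = find_role(user);
    if (r != NULL && !r->can_login)
        return AUTH_NOT_PERMITTED;
    return authenticate(user, password);
}

int main(void) { return authenticate("foo", "foo") == AUTH_NOT_PERMITTED ? 0 : 1; }
```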

