Home > mailing lists

Re: One Role, Two Passwords - Mailing list pgsql-hackers

From	Josh Berkus
Subject	Re: One Role, Two Passwords
Date	January 21, 2011 00:32:33
Msg-id	4D38E221.6090501@agliodbs.com Whole thread Raw
In response to	Re: One Role, Two Passwords (Daniel Farina <drfarina@acm.org>)
Responses	Re: One Role, Two Passwords (Daniel Farina <drfarina@acm.org>) Re: One Role, Two Passwords (Robert Haas <robertmhaas@gmail.com>)
List	pgsql-hackers

Tree view

> * Eventual Retirement of old credentials without having to issue ALTER
> statements (or really statements of any kind...) against application
> schema objects.

OK, that's a different goal.  You want to be able to expire passwords
with an overlap period.  That's quite different from wanting an
indefinfite number of passwords per role.

Mind you, the main way to do this right now ... and where you're going
to get pushback ... is using LDAP, ActiveDirectory or similar.  At a
certain point we have to draw the line and say "PostgreSQL is not an
authtenication server".  I don't know exactly where that line is, but
recognize that you're arguing about where to draw it.

--                                  -- Josh Berkus                                    PostgreSQL Experts Inc.
                        http://www.pgexperts.com

pgsql-hackers by date:

From: Florian Pflug
Date: 21 January 2011, 00:25:21
Subject: Re: SSI and Hot Standby

From: "Kevin Grittner"
Date: 21 January 2011, 00:55:06
Subject: Re: SSI and Hot Standby

Re: One Role, Two Passwords - Mailing list pgsql-hackers

Previous

Next