Home > mailing lists

Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0? - Mailing list pgsql-admin

From	Kevin Grittner
Subject	Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0?
Date	July 27, 2011 20:37:55
Msg-id	4E3030CA020000250003F82D@gw.wicourts.gov Whole thread Raw
In response to	Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0? (Glyn Astill <glynastill@yahoo.co.uk>)
List	pgsql-admin

Tree view

Glyn Astill <glynastill@yahoo.co.uk> wrote:

> Maybe the docs should be embellished to also say "since a
> superuser is automatically considered a member of any group, it
> should be taken into account that names with a + mark will affect
> all superusers (although this was not the case prior to 9.0)" or
> something along those lines.

That seems like a good idea to me.  I can't help but think that
someone, somewhere is going to create a "suspended" role to assign
to logins which they want temporarily disabled, put that at the top
of pg_hba.conf, and not be amused by the results.

When I dig out from under some other issues, I'll put together a
docs patch to propose something like the above, if nobody beats me
to it.

-Kevin

pgsql-admin by date:

From: Glyn Astill
Date: 27 July 2011, 20:29:02
Subject: Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0?

From: Wells Oliver
Date: 28 July 2011, 20:19:39
Subject: Unique operator error w/ concatenation

Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0? - Mailing list pgsql-admin

Previous

Next