Thank you so much- I have been trying to do exactly that for months (my
postgres and admin users could never see the individual users because we
were using sameuser, unless they were logged in as certain users so that
ident could work- and even then, it's not hard to come from
root@anothermachine or admin@anothermachine). Thanks so much. This should
really be documented. It's not in the sample pg_hba.conf nor the web docs.
--
Mike
----- Original Message -----
From: "Tom Lane" <tgl@sss.pgh.pa.us>
To: "Mike Rogers" <temp6453@hotmail.com>
Cc: <pgsql-hackers@postgresql.org>
Sent: Thursday, November 08, 2001 10:10 AM
Subject: Re: [HACKERS] 'postgres' flag
> "Mike Rogers" <temp6453@hotmail.com> writes:
> > Anyone have a code hack to 7.1 to make postgreSQL break out of the
> > 'sameuser' jail if a user as the 'postgres' superuser flag?
>
> The difficulty with that idea is that the connection-matching code has
> no idea whether a given userid is superuser or not (indeed, that info
> is not available to the postmaster at all).
>
> > Or maybe to set
> > config file lines based also on 'superuser' (like 'crypt superuser' or
> > something like that). Otherwise I think I might make one.
>
> Did you read the thread a day or two back in pgsql-admin? Consider
> something like
>
> local sameuser password
> local all password crossauth
>
> where crossauth contains the usernames you want to allow to connect
> to databases other than their own.
>
> regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
>
