On Tue, 9 May 2000, Peter Eisentraut wrote:
> Tom Lane writes:
>
> > Rather than the separate pw files, maybe pg_shadow needs some kind of
> > provision for database-specific passwords ...
>
> Perhaps the issue is not so much having different passwords for each
> database. I don't think this is necessarily a priority. (I think it would
> be rather confusing that there would be one user and many passwords.)
>
> The issue is that you can't say "Do password authentication, but only for
> these users". It forces you to make separate password files. Perhaps we
> could extend the syntax similar to this
>
> | host all 127.0.0.1 255.255.255.255 passwd &user1,user2,user3
>
> to mean "do password authentication using the pg_shadow passwords, but
> only for the named users". (`&' would be some special character to
> distinguish a list of users from a password file name.)
why can't we extend the whole 'grant table' syntax to a 'grant database'
one also? as I see it, the owner of a database should be able to
grant/refuse connections to his database without having to go through the
DBA, which the above requires ...
Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org
