Re: CREATE DATABASE WITH OWNER '??'; - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: CREATE DATABASE WITH OWNER '??';
Date
Msg-id Pine.LNX.4.21.0005091500450.387-100000@localhost.localdomain
Whole thread Raw
In response to Re: CREATE DATABASE WITH OWNER '??';  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: CREATE DATABASE WITH OWNER '??';
List pgsql-hackers
Tom Lane writes:

> Rather than the separate pw files, maybe pg_shadow needs some kind of
> provision for database-specific passwords ...

Perhaps the issue is not so much having different passwords for each
database. I don't think this is necessarily a priority. (I think it would
be rather confusing that there would be one user and many passwords.)

The issue is that you can't say "Do password authentication, but only for
these users". It forces you to make separate password files. Perhaps we
could extend the syntax similar to this

| host    all    127.0.0.1    255.255.255.255    passwd    &user1,user2,user3

to mean "do password authentication using the pg_shadow passwords, but
only for the named users". (`&' would be some special character to
distinguish a list of users from a password file name.)


-- 
Peter Eisentraut                  Sernanders väg 10:115
peter_e@gmx.net                   75262 Uppsala
http://yi.org/peter-e/            Sweden



pgsql-hackers by date:

Previous
From: Peter Eisentraut
Date:
Subject: Re: logging problem ... ?
Next
From: Peter Eisentraut
Date:
Subject: Re: You're on SecurityFocus.com for the cleartext passwords.