On Sun, 20 May 2007, Chris Browne wrote:
> Making a selection of mechanisms configurable seems entirely
> reasonable to me.

But, whilst creating these systems, we must keep in mind security.

Instead of replacing the auth routines, how about:

1. Keep the auth routines currently present in PG, so that as a DB admin I
   *can* restrict DBs via file only as I do now, and
2. To support those who want LDAP or table-based auth, add a setting to
   pg_hba.conf so that a second code-path can be activated on a per-db basis.

I view MySQL's table-based auth mechanisms as a bug, not a feature.

Cheers,
-J