"scott.marlowe" <scott.marlowe@ihs.com> writes:
> since the purpose of the pg_hba.conf file is to ensure that you never
> manage to lock yourself out of your database, might it make sense to have
> a pg_hba table in each database that can be / will be / should be(???)
> overidden by the pg_hba.conf file,
I don't think we want user authentication driven off of actual tables.
That would mean paying *all* the costs of backend launch before we could
reject an invalid connection request.
It might be possible to do something with a flat file as an intermediary
between the postmaster and the tables that are the master data. We
already do this for pg_shadow passwords, and I've been thinking of
proposing that we add a flat file for the database name -> OID mapping
so we could get rid of the horrid hack that is GetRawDatabaseInfo().
Per-database flat files would be a bit messy though.
regards, tom lane