> Fork off the postgres process first, then authenticate inside of
> there...which would get rid of the problem with pg_user itself being a
> text file vs a relation...no?
Yes, yes, yes. This is how authentication should be done (for HBA, etc.)
Furthermore, we could reduce the footprint of the postmaster drastically. It
would only need to accept a socket connection and fork the backend. This
scenario would also allow the postmaster to be run as the root user. Good
things could only come of this method.
The only reason I put my authentication scheme where it is, is that all the
other authentication schemes take place in the postmaster, and to work things
properly, use of my scheme (checking to see if there is a password or not) must
come first.
Todd A. Brandys
brandys@eng3.hep.uiuc.edu