Re: Open 7.3 items

From: Bruce Momjian
Subject: Re: Open 7.3 items
Msg-id: 200207312140.g6VLeBm23919@candle.pha.pa.us
In reply to: Re: Open 7.3 items  (Ron Snyder <snyder@roguewave.com>)
Responses: Re: Open 7.3 items  ("Marc G. Fournier" <scrappy@hub.org>)
List: pgsql-hackers

Ron Snyder wrote:
> > As for 7.3, maybe we can get that done in time if everyone likes it.  If
> > we can't, what do we do?  Do we re-add the secondary password file stuff
> > that most people don't like?   My big question is how many other
> > PostgreSQL users figured out they could use the secondary password file
> > for username/db restrictions?  I never thought of it myself.  Maybe I
> > should ask on general.
> 
> Unless I'm misunderstanding you, we use it and like it.  We have several
> servers on one machine that all access the same password file (we have it
> softlinked).  If we need to create a user that accesses only one cluster,
> then they get added to the file and created in the specific cluster.  If
> that user then needs access to a different cluster, they just need to be
> added to the new cluster.
> 
> The reason this is beneficial for us is because we then have the ability to
> have postgres only user accounts, as well as accounts from YP.  When the YP
> user changes their unix password in YP, their postgres db account password
> changes as well (via cronjob).
> 
> There are fewer passwords for them to manage in this way, but we still get
> the benefit of greater separation between clusters.
> 
> Let me know if you want more information about how we use it (or if I
> misunderstood).  What is it that people _don't_ like?

OK, how do secondary passwords work in pg_hba.conf?  It requires
clear-text 'password', right, because the password is already crypt-ed
in the file.

Here you are using it for something different, where one file is used
for multiple clusters.  Interesting.

The current code allows you to point to a file for a list of users,
which could be symlinked, so that is handled.  The only part not handled
is the password part.

One idea I had was to look for a colon in the username, and if I see
one, I assume everything after the colon is a password.  Would that work
for you?

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
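
The colon idea from the message above, together with the reason a crypt-ed file entry forces the clear-text 'password' method, as an added example that is not part of the original message or of PostgreSQL's code. The file layout, the `#` comment lines, the function names and the PBKDF2 stand-in for crypt(3) are all assumptions made for illustration.

```python
import hashlib
import hmac


def one_way(salt: str, password: str) -> str:
    """Stand-in for crypt(3) (assumption): PBKDF2, stored as 'salt$hex'."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 100_000)
    return f"{salt}${raw.hex()}"


def parse_user_list(text: str) -> dict:
    """Map user name -> stored hash, or None when the entry has no password."""
    users = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the FIRST colon only: everything after it is the password
        # field, so a user name cannot contain a colon under this scheme.
        name, sep, stored = line.partition(":")
        if not name:
            raise ValueError(f"entry without a user name: {raw!r}")
        if sep and not stored:
            # "carol:" is ambiguous; reject it rather than treat it as an
            # empty password.
            raise ValueError(f"empty password field for {name!r}")
        users[name] = stored if sep else None
    return users


def check_cleartext(users: dict, name: str, password: str) -> bool:
    """Verify a password the client sent in clear text.

    The stored value is one-way, so the server can only re-hash what the
    client sent with the stored salt and compare. It cannot compute the
    response to a challenge that uses a different, per-connection salt.
    """
    stored = users.get(name)
    if stored is None:
        return False  # unknown user, or entry carries no password in the file
    salt = stored.split("$", 1)[0]
    return hmac.compare_digest(one_way(salt, password).encode(), stored.encode())


# Constructed sample file: one name-only entry, one entry with a hashed password.
SAMPLE = "# constructed sample\nalice\nbob:" + one_way("Xy", "s3cret") + "\n"
```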
 

