The password-file cache implemented by src/backend/libpq/crypt.c is
now dysfunctional, because it is only loaded when a password check is
requested, which is after the postmaster's child process has forked
away from the postmaster. The cache is always empty in the postmaster,
and every new backend will read up and cache the whole file before
probing the cache ... once.
One fairly reasonable solution would be to have the postmaster load
the cache when receiving SIGHUP (when it also reloads its other config
files). Then we could remove the password-file-reload-flag-file
mechanism in favor of just kill(getppid(), SIGHUP), a mechanism we
already use in other places.
If we don't do that, I am strongly inclined to remove the password cache
mechanism and just allow the code to reread pg_pwd when checking a
password.
If we do keep the cache, I think I will also tweak crypt.c to store
the cache in PostmasterContext palloc space, rather than malloc space,
so that it will be freed when entering a new backend.
Comments?
regards, tom lane