Re: rolcanlogin vs. the flat password file
From | Michael Paesold |
---|---|
Subject | Re: rolcanlogin vs. the flat password file |
Date | |
Msg-id | 47130639.9000600@gmx.at |
In reply to | Re: rolcanlogin vs. the flat password file (Tom Lane <tgl@sss.pgh.pa.us>) |
List | pgsql-hackers |

Tom Lane wrote:
> With the attached patch to not drop nologin roles from the flat password
> file, it acts more sanely:
>
> postgres=# create user foo nologin;
> CREATE ROLE
> postgres=# \c - foo
> Password for user "foo":
> FATAL: password authentication failed for user "foo"
> Previous connection kept
> postgres=# alter user foo password 'foo';
> ALTER ROLE
> postgres=# \c - foo
> Password for user "foo": << correct password entered here
> FATAL: role "foo" is not permitted to log in
> Previous connection kept
>
> Should we just do this, or is it worth working harder?

IMHO this is exactly what we want. It does only offer more information when you already got authentication right and therefore doesn't open an information leak.

Not sure about the warning when creating a role with a password but nologin. Could be useful.

Best Regards
Michael Paesold
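
The ordering argument in the message above, as an added example that is not part of the original e-mail and is not PostgreSQL code: a simplified Python model that compares the password-first order from the quoted session with a hypothetical flag-first order. The role table, the function names and the `alice` role are assumptions made for illustration; the two FATAL messages are the ones shown in the quoted session.

```python
import hmac

# Constructed sample roles: name -> (password, rolcanlogin). Not real data.
ROLES = {
    "alice": ("s3cret", True),
    "foo": ("foo", False),  # the nologin role from the quoted session
}

AUTH_FAILED = 'FATAL: password authentication failed for user "{0}"'
NO_LOGIN = 'FATAL: role "{0}" is not permitted to log in'


def _password_ok(role, supplied):
    entry = ROLES.get(role)
    # Unknown roles are compared against a dummy value so both paths do the same work.
    stored = entry[0] if entry else ""
    match = hmac.compare_digest(stored.encode(), supplied.encode())
    return entry is not None and match


def login_patched(role, supplied):
    """Order from the quoted session: authenticate first, then check rolcanlogin."""
    if not _password_ok(role, supplied):
        return AUTH_FAILED.format(role)
    if not ROLES[role][1]:
        return NO_LOGIN.format(role)
    return "OK"


def login_flag_first(role, supplied):
    """Hypothetical alternative: rolcanlogin is checked before the password."""
    entry = ROLES.get(role)
    if entry is not None and not entry[1]:
        return NO_LOGIN.format(role)
    if not _password_ok(role, supplied):
        return AUTH_FAILED.format(role)
    return "OK"


def distinguishable_without_password(login):
    """Roles whose reply to a wrong password differs from a nonexistent role's reply."""
    def shape(role):
        return login(role, "wrong").replace(role, "<role>")
    baseline = shape("no_such_role")
    return sorted(r for r in ROLES if shape(r) != baseline)
```

With the password-first order no role can be told apart from a nonexistent one by a client that lacks the password; with the flag-first order the nologin role `foo` can.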