> > This is definitely stressing pg_hba past its design limits --- heck, the
> > name of the file isn't even appropriate anymore, if usernames are part
> > of the match criteria. Rather than contorting things to maintain a
> > pretense of backwards compatibility, it's time to abandon the current
> > file format, change the name, and start over.
>
> The pg_hba.conf thing is slowly growing to become a bad excuse for a
> completely general authentication system, such as PAM. Instead of
> creating our own, maybe we could rip off the "BSD authentication" system
> from some free *BSD. I haven't seen it, but it's supposed to be like (or
> "better than") PAM.
Hmmm...I've never heard of the "BSD authentication" system...? As far as I
was aware, FreeBSD uses PAM:
man pam
PAM(8) PAM Manual PAM(8)
NAME PAM - Pluggable Authentication Modules
SYNOPSIS /etc/pam.conf
DESCRIPTION This manual is intended to offer a quick introduction to PAM. For more information the reader
isdirected to the Linux-PAM system administrators' guide.
PAM Is a system of libraries that handle the authentica- tion tasks of applications (services) on the
system. The library provides a stable general interface (Application Programming Interface - API) that
privilegegranting pro- grams (such as login(1) and su(1)) defer to to perform standard authentication
tasks.
...
Chris