Nick Sayer writes:
> On the one hand, I need
>
> local sameuser password
>
> because I have untrusted users who should only have access to their own
> databases.
>
> On the other hand, I do a nightly pg_dumpall as part of the backups so that
> I don't have to dump the actual database working areas. For that to work, I
> need to say
>
> local all password
>
> so that my backup script will work.
If you are only concerned about local access then you should consider
using 'ident' authentication. In 7.1 this only works for TCP/IP
connections (so you have to go through 'localhost'), but in 7.2 it will
also work with local connections. Another possibility is to use 'local
sameuser trust' and set a filesystem permission on the socket. (See
unix_socket_* parameters in postgresql.conf.) In 7.2 we'll also have PAM,
so you'll be able to do whatever you want.
--
Peter Eisentraut peter_e@gmx.net