>> The contents of the pg_shadow table are written through to a file on disk
>> called pg_pwd, so all the backends can easily access it. However, this
>> write through is not automatic. The create user and alter user commands
>> take care of that, but if you update pg_shadow directly, your changes will
>> not be seen by currently active backends.
>
> Your changes never get to the file, ever, not just current backends.
>
> CREATE USER sql command updates the file, but an UPDATE on pg_shadow
> does not.
IMHO, that's a bug:
It's not forbidden to update or insert into pg_shadow by rule, but if
I do that I will get inconsistent authentication data.
Why not revoke INSERT and UPDATE on pg_shadow?
Or better:
Why not use a trigger on pg_shadow, to handle pg_pwd correctly?
The trigger code is allways in "create/alter user" command handler.
The code should be as near as possible on data!
> We use a file because the postmaster does the password authentication,
> and we don't have any database connection the postmaster.
pg_shadow is a file too, but not in text format like pg_pwd.
Gerald.