Discussion: Authentication problem
Hi there colleagues,

From the Docs (Admin 4.1):

    There is no "fall-through" or "backup": if one record is chosen and the authentication fails, the following records are not considered.

Are there any plans to loosen this restriction?

It would be very useful to use e.g.

    local all ident admin
    local sameuser ident sameuser
    local all password passwd.user

and have backup pseudo-users in admin ident-map, allow connecting users to personal databases and list exceptions in password file.

Or, is there another way to achieve this?

Also, of course, it would be _very_ useful to tell full connects and read-only connects (not allowed to create tables/indexes/views/etc...)

Sincerely,
D.Marck [DM5020, DM268-RIPE, DM3-RIPN]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------

Dmitry Morozovsky <marck@rinet.ru> writes:
> There is no "fall-through" or "backup": if one record is chosen
> and the authentication fails, the following records are not
> considered.

> Are there any plans to loosen this restriction?

No. I don't believe we could count on clients to respond to multiple authentication challenges of different types.

> It would be very useful to use e.g.
> local all ident admin
> local sameuser ident sameuser
> local all password passwd.user

The "sameuser" part of this works now, since sameuser is a record matching constraint, not an authentication test.

There has been some talk of adding a more flexible username-matching field to pg_hba (whereupon the file name would be inappropriate ;-)) but no one's really done any work on it.

regards, tom lane

> The "sameuser" part of this works now, since sameuser is a record
> matching constraint, not an authentication test.
>
> There has been some talk of adding a more flexible username-matching
> field to pg_hba (whereupon the file name would be inappropriate ;-))
> but no one's really done any work on it.

I hope to add the username for 7.3.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
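
A simplified model of the rule discussed in this thread, as an added example that is not part of the original messages and not PostgreSQL's own code: the first record that matches is chosen, and a failed authentication there is final. It uses the three `local` lines from the first message; the user `alice`, the database `sales`, and the `alice_auth` callback that stands in for the real ident/password checks are assumptions.

```python
# Added example: simplified model of pg_hba record selection for "local"
# lines in the layout quoted in the thread: TYPE DATABASE METHOD [ARGUMENT].

def parse(text):
    """Return (database, method, argument) for each 'local' line."""
    records = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == "local":
            argument = fields[3] if len(fields) > 3 else None
            records.append((fields[1], fields[2], argument))
    return records

def db_matches(field, database, user):
    # "sameuser" is a record matching constraint: it selects the record only
    # when the requested database has the same name as the connecting user.
    return field == "all" or field == database or (
        field == "sameuser" and database == user)

def connect(records, database, user, auth_ok):
    """Choose the FIRST matching record and run only its method.

    auth_ok(method, argument) is a hypothetical callback replacing the real
    authentication exchange. Returns (record_index, accepted).
    """
    for index, (field, method, argument) in enumerate(records):
        if db_matches(field, database, user):
            # No fall-through: later records are not considered on failure.
            return index, bool(auth_ok(method, argument))
    return None, False  # no record matched, connection rejected

# The three lines from the first message, in the order posted.
POSTED = parse("""
local all      ident    admin
local sameuser ident    sameuser
local all      password passwd.user
""")
# Same lines with the narrower "sameuser" record moved to the top.
REORDERED = [POSTED[1], POSTED[0], POSTED[2]]

def alice_auth(method, argument):
    # Constructed scenario: alice is not in the "admin" ident map, but would
    # pass "ident sameuser" and is listed in the password file.
    return (method, argument) != ("ident", "admin")

if __name__ == "__main__":
    print(connect(POSTED, "alice", "alice", alice_auth))     # record 0, rejected
    print(connect(REORDERED, "alice", "alice", alice_auth))  # record 0, accepted
    print(connect(REORDERED, "sales", "alice", alice_auth))  # record 1, rejected
```

In both orderings the `password` record is unreachable, because an earlier `local all` record already matches every local connection.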