Re: Password sub-process ...

On Tue, 30 Jul 2002, Bruce Momjian wrote:

> Tom Lane wrote:
> > "Marc G. Fournier" <scrappy(at)hub(dot)org> writes:
> > > First and foremost in my mind ... how do you have two users in the system
> > > with seperate passwords? ...
> > > since as soon as there are two 'bruce' users, only one can have a password
> >
> > Uh, we've *never* supported "two bruce users" ... users have always been
> > installation-wide. I am not sure what the notion of a database-owning
> > user means if user names are not of wider scope than databases.
> >
> > No doubt we could redesign the system so that user names are local to a
> > database, and break a lot of existing setups in the process. But what's
> > the value? If you want separate usernames you can set up separate
> > postmasters. If we change, and you don't want separate user names
> > across databases, you'll be out of luck.
>
> He was being tricky by having different passwords for the same user on
> each database, so one user couldn't get into the other database, even
> though it was the same name. He could actually have a user access
> databases 1,2,3 and another user with a different password access
> databases 4,5,6 because of the username/password files. Now, he can't
> do that.
>
> Having those file function as username lists is already implemented
> better in the new code. The question is whether using those secondary
> passwords is widespread enough that I need to get that into the code
> too. It was pretty confusing for users, so I am hesitant to re-add it,
> but I hate for Marc to lose functionality he had in the past.

You seem to have done a nice job with the + and @ for 'maps' ... how about
third on that states that the map file has a username:password pair in it?

I do like how the pg_hba.conf has changed, just don't like the lose of
functionality :(