Re: Password sub-process ...

Marc G. Fournier wrote:
> On Mon, 29 Jul 2002, Bruce Momjian wrote:
>
> > Marc G. Fournier wrote:
> > >
> > > Something to maybe add to the TODO list, if someone has the
> > > time/inclination to work on it ...
> > >
> > > The problem with the current auth system, as I see it, is that you can't
> > > easily have seperate user lists and passwords per database ... its shared
> > > across the system ...
> > >
> > > The closest you can get is to have a database defined as 'password' in
> > > pg_hba.conf, with an external password file from pg_shadow, which, for the
> > > most part, is good ... but it doesn't lend itself well to a 'hands off'
> > > server ...
> >
> > Actually, that is removed in 7.3. It was too weird a syntax and format
> > and the original idea of sharing /etc/passwd there didn't work anymore
> > on most systems.
>
> whoa ... what replaced it? weird it might have been, but it worked great
> if you knew about it ...

Well, I asked and no one answered. ;-)

Actually, it is replaced by encrypted pg_shadow by default in 7.3, and
the new USER (users or groups) column in pg_hba.conf that will be in
7.3 that can restrict based on user/group. This replaces the use of the
secondary file for just usernames. You can now specify a filename in
pg_hba.conf listing these. Would you look over the pg_hba.conf in CVS
and tell me what additional things are needed.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026