Skip site navigation (1) Skip section navigation (2)

Re: Open 7.3 items

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Ron Snyder <snyder(at)roguewave(dot)com>
Cc: "Marc G(dot) Fournier" <scrappy(at)hub(dot)org>,Neil Conway <nconway(at)klamath(dot)dyndns(dot)org>,PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Open 7.3 items
Date: 2002-07-31 21:40:11
Message-ID: 200207312140.g6VLeBm23919@candle.pha.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
Ron Snyder wrote:
> > As for 7.3, maybe we can get that done in time of everyone 
> > likes it.  If
> > we can't, what do we do?  Do we re-add the secondary password 
> > file stuff
> > that most people don't like?   My big question is how many other
> > PostgreSQL users figured out they could use the secondary 
> > password file
> > for username/db restrictions?  I never thought of it myself.  Maybe I
> > should ask on general.
> 
> Unless I'm misunderstanding you, we use it and like it.  We have several
> servers on one machine that all access the same password file (we have it
> softlinked).  If we need to create a user that accesses only one cluster,
> then they get added to the file and created in the specific cluster.  If
> that user then needs access to a different cluster, they just need to be
> added to the new cluster.
> 
> The reason this is beneficial for us is because we then have the ability to
> have postgres only user accounts, as well as accounts from YP.  When the YP
> user changes their unix password in YP, their postgres db account password
> changes as well (via cronjob).
> 
> There are fewer passwords for them to manage in this way, but we still get
> the benefit of greater separation between clusters.
> 
> Let me know if you want more information about how we use it (or if I
> misunderstood).  What is it that people _don't_ like?

OK, how do secondary passwords work in pg_hba.conf.  It requires
clear-text 'password', right, because the password is already crypt-ed
in the file.

Here you are using it for something different, where one file is used
for multiple clusters.  Interesting.

The current code allows you to point to a file for a list of users,
which could be symlinked, so that is handled.  The only part not handled
is the password part.

One idea I had was to look for a colon in the username, and if I see
one, I assume everything after the colon is a password.  Would that work
for you?

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

In response to

Responses

pgsql-hackers by date

Next:From: Bruce MomjianDate: 2002-07-31 21:55:29
Subject: Re: Please, apply ltree patch
Previous:From: Ian BarwickDate: 2002-07-31 21:34:40
Subject: Re: No bison and NAMEDATALEN > 31: initdb failure?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group