Re: WIP: remove use of flat auth file for client authentication

On Sat, Aug 29, 2009 at 6:00 AM, Tom Lane<tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Attached is a patch that removes the use of the flat auth file during
> client authentication, instead using regular access to the pg_auth
> catalogs.  As previously discussed, this implies pushing the
> authentication work down to InitPostgres.  I didn't yet do anything
> about the idea of falling back to connecting to "postgres" when the
> specified target DB doesn't exist, but other than that small change
> I think it's about ready to go.

Falling back to connecting to "postgres" seems unnecessarily complex to me.

> Another interesting point is that for this to work, those signal
> interrupts have to actually be enabled (doh) ... and up to now we have
> been running InitPostgres with most signals disabled.  I suspect that
> this means some things are actively broken during InitPostgres's initial
> transaction --- for example, if it happens to try to take a lock that
> completes a deadlock cycle, the deadlock won't be detected because the
> lock timeout SIGALRM interrupt will never occur.  Another example is
> that SI inval messaging isn't working during InitPostgres either.
> The patch addresses this by moving up PostgresMain's
> PG_SETMASK(&UnBlockSig); call to before InitPostgres.  We might need to
> back-patch that bit, though I'm hesitant to fool with such a thing in
> back branches.

The deadlock can only fail to be detected by someone else if the whole
initpostgres thing takes longer than deadlock_timout I think. So it
doesn't seem very likely. Not sure how likely problems due to missed
SI messages are.

>
> Thoughts, objections, better ideas?
>
>                        regards, tom lane
>
>
>
> --
> Sent via pgsql-hackers mailing list (pgsql-hackers(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-hackers
>
>

--
greg
http://mit.edu/~gsstark/resume.pdf