On Sat, Aug 29, 2009 at 6:00 AM, Tom Lane<tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Attached is a patch that removes the use of the flat auth file during
> client authentication, instead using regular access to the pg_auth
> catalogs. As previously discussed, this implies pushing the
> authentication work down to InitPostgres. I didn't yet do anything
> about the idea of falling back to connecting to "postgres" when the
> specified target DB doesn't exist, but other than that small change
> I think it's about ready to go.
Falling back to connecting to "postgres" seems unnecessarily complex to me.
> Another interesting point is that for this to work, those signal
> interrupts have to actually be enabled (doh) ... and up to now we have
> been running InitPostgres with most signals disabled. I suspect that
> this means some things are actively broken during InitPostgres's initial
> transaction --- for example, if it happens to try to take a lock that
> completes a deadlock cycle, the deadlock won't be detected because the
> lock timeout SIGALRM interrupt will never occur. Another example is
> that SI inval messaging isn't working during InitPostgres either.
> The patch addresses this by moving up PostgresMain's
> PG_SETMASK(&UnBlockSig); call to before InitPostgres. We might need to
> back-patch that bit, though I'm hesitant to fool with such a thing in
> back branches.
The deadlock can only fail to be detected by someone else if the whole
initpostgres thing takes longer than deadlock_timout I think. So it
doesn't seem very likely. Not sure how likely problems due to missed
SI messages are.
> Thoughts, objections, better ideas?
> regards, tom lane
> Sent via pgsql-hackers mailing list (pgsql-hackers(at)postgresql(dot)org)
> To make changes to your subscription:
In response to
pgsql-hackers by date
|Next:||From: Martijn van Oosterhout||Date: 2009-08-29 09:02:43|
|Subject: Re: [pgsql-hackers] Daily digest v1.9418 (15 messages)|
|Previous:||From: Tom Lane||Date: 2009-08-29 05:00:41|
|Subject: WIP: remove use of flat auth file for client authentication|