Skip site navigation (1) Skip section navigation (2)

Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0?

From: "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov>
To: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Glyn Astill" <glynastill(at)yahoo(dot)co(dot)uk>
Cc: "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0?
Date: 2011-07-27 20:37:46
Message-ID: 4E3030CA020000250003F82D@gw.wicourts.gov (view raw or flat)
Thread:
Lists: pgsql-admin
Glyn Astill <glynastill(at)yahoo(dot)co(dot)uk> wrote:
 
> Maybe the docs should be embellished to also say "since a
> superuser is automatically considered a member of any group, it
> should be taken into account that names with a + mark will affect
> all superusers (although this was not the case prior to 9.0)" or
> something along those lines.
 
That seems like a good idea to me.  I can't help but think that
someone, somewhere is going to create a "suspended" role to assign
to logins which they want temporarily disabled, put that at the top
of pg_hba.conf, and not be amused by the results.
 
When I dig out from under some other issues, I'll put together a
docs patch to propose something like the above, if nobody beats me
to it.
 
-Kevin

In response to

pgsql-admin by date

Next:From: Wells OliverDate: 2011-07-28 20:19:24
Subject: Unique operator error w/ concatenation
Previous:From: Glyn AstillDate: 2011-07-27 20:22:29
Subject: Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group