Skip site navigation (1) Skip section navigation (2)

Re: authentication services

From: "David E(dot) Wheeler" <david(at)kineticode(dot)com>
To: Selena Deckelmann <selena(at)chrisking(dot)com>
Cc: pdxpug(at)postgresql(dot)org
Subject: Re: authentication services
Date: 2006-10-20 03:47:43
Message-ID: DE23DD94-CD81-4558-B192-E1A9BC4CDDB9@kineticode.com (view raw or flat)
Thread:
Lists: pdxpug
On Oct 19, 2006, at 17:03, Selena Deckelmann wrote:

> It would be interesting if the system relied more on roles, and  
> used authentication as a way of determining what role a user  
> belonged to.  Then, when a person tries to login to pgsql for the  
> first time, it looks up what their group membership is and assigns  
> permissions appropriately.  And if you really wanted to, it could  
> add the user to the database.  Ideally, you'd just rely on the  
> role, so that anyone with the proper role/group membership could  
> login to the database.  It's really powerful when you're in an  
> environment that has defined responsibilities and rapid turnover.

So you're saying map PostgreSQL roles to LDAP groups?

> Few applications do this.  Most people just make generic accounts  
> that lots of people have the password to.  And that leads to all  
> sorts of problems.

Amen to that.

Best,

David

In response to

Responses

pdxpug by date

Next:From: Selena DeckelmannDate: 2006-10-20 16:11:59
Subject: Re: authentication services
Previous:From: Selena DeckelmannDate: 2006-10-20 00:03:51
Subject: Re: authentication services

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group