Re: Password sub-process ...

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: "Marc G(dot) Fournier" <scrappy(at)hub(dot)org>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Password sub-process ...
Date: 2002-07-30 03:59:09
Message-ID: 200207300359.g6U3x9U27957@candle.pha.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Marc G. Fournier wrote:
> On Mon, 29 Jul 2002, Bruce Momjian wrote:
>
> > Actually, it is replaced by encrypted pg_shadow by default in 7.3, and
> > the new USER (users or groups) column in pg_hba.conf that will be in 7.3
> > that can restrict based on user/group. This replaces the use of the
> > secondary file for just usernames. You can now specify a filename in
> > pg_hba.conf listing these. Would you look over the pg_hba.conf in CVS
> > and tell me what additional things are needed.
>
> Wow, what a change ... some nice stuff in there, mind you, but unless I'm
> missing something, you've thrown out some *major* functionality that we
> had before :( And since I missed this, its quite possible that i am
> missing something :)
>
> First and foremost in my mind ... how do you have two users in the system
> with seperate passwords?

No, it doesn't seem possible now. I didn't know anyone was still using
that secondary password feature, and if they were, I thought they were
using only the 'username-list' version where no password was supplied,
not the username-crypted-password version.

Actually, it is hard to argue that having two users in pg_shadow, but
having them as different people with different passwords makes much
sense, though I can see why you would want to do that.

The idea of removing it was that it wasn't used much, and that the
syntax of an optional password file at the end was pretty weird,
especially now that we have a USER column.

Not sure what to do now. We can re-add it but the code that did it is
gone, and we now cache everything, so the code has to be refactored to
cache that username/cryptpassword content.

I actually added to code to make administration easier, but in your
case, I seem to have made it harder.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2002-07-30 04:08:09 Re: WAL file location
Previous Message Marc G. Fournier 2002-07-30 03:43:52 Re: Password sub-process ...