Ron Snyder wrote:
> > As for 7.3, maybe we can get that done in time of everyone
> > likes it. If
> > we can't, what do we do? Do we re-add the secondary password
> > file stuff
> > that most people don't like? My big question is how many other
> > PostgreSQL users figured out they could use the secondary
> > password file
> > for username/db restrictions? I never thought of it myself. Maybe I
> > should ask on general.
> Unless I'm misunderstanding you, we use it and like it. We have several
> servers on one machine that all access the same password file (we have it
> softlinked). If we need to create a user that accesses only one cluster,
> then they get added to the file and created in the specific cluster. If
> that user then needs access to a different cluster, they just need to be
> added to the new cluster.
> The reason this is beneficial for us is because we then have the ability to
> have postgres only user accounts, as well as accounts from YP. When the YP
> user changes their unix password in YP, their postgres db account password
> changes as well (via cronjob).
> There are fewer passwords for them to manage in this way, but we still get
> the benefit of greater separation between clusters.
> Let me know if you want more information about how we use it (or if I
> misunderstood). What is it that people _don't_ like?
OK, how do secondary passwords work in pg_hba.conf. It requires
clear-text 'password', right, because the password is already crypt-ed
in the file.
Here you are using it for something different, where one file is used
for multiple clusters. Interesting.
The current code allows you to point to a file for a list of users,
which could be symlinked, so that is handled. The only part not handled
is the password part.
One idea I had was to look for a colon in the username, and if I see
one, I assume everything after the colon is a password. Would that work
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
In response to
pgsql-hackers by date
|Next:||From: Bruce Momjian||Date: 2002-07-31 21:55:29|
|Subject: Re: Please, apply ltree patch|
|Previous:||From: Ian Barwick||Date: 2002-07-31 21:34:40|
|Subject: Re: No bison and NAMEDATALEN > 31: initdb failure?|