Re: Open 7.3 items

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Hannu Krosing <hannu(at)tm(dot)ee>, "Marc G(dot) Fournier" <scrappy(at)hub(dot)org>, Neil Conway <nconway(at)klamath(dot)dyndns(dot)org>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Open 7.3 items
Date: 2002-08-01 17:23:17
Message-ID: 200208011723.g71HNHv07528@candle.pha.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Tom Lane wrote:
> Hannu Krosing <hannu(at)tm(dot)ee> writes:
> > This name mangling should be done at connect time and kept out of
> > database, where each users name should always be fully resolved
> > (bob(at)accounting(dot)acme(dot)com).
>
> I really like Hannu's approach to this. It seems to solve Marc's
> problem with a very simple, easily understood, easily implemented
> feature. All we need is a postmaster configuration parameter that
> (when TRUE) causes the postmaster to convert the passed username
> into 'username(at)databasename' before looking it up in pg_shadow.

Yes, that is how the patch I submitted last night does it.

> (Actually, what I'd prefer it do is try first for username, and
> then username(at)databasename if plain username isn't found.)

Yes, that would be very easy to do _except_ for pg_hba.conf which does a
first-match for username. We could get into trouble there by trying two
versions of the same name. Comments?

> With this approach, we have an underlying mechanism that supports
> installation-wide usernames, same as before, but with the flip of
> a switch you can configure the system to support per-database
> usernames. It's not fancy, maybe, but it will get the job done
> with an appropriate amount of effort.
>
> We've had several proposals in this thread for complicated extensions
> to the user naming mechanism. I think that's overdesigning the feature,
> because we have *no* examples of real-world need for such things except
> for Marc's situation. Let's keep it simple until we see real use cases
> that can drive the design of something fancy.

Agreed.

>
> > This may require raising the length of NAME type to be backwards
> > compatible.
>
> Right, but we're planning to do that anyway.

Yes, but that requires a protocol change, which we don't want to do for
7.3. My fix is to just extend the username on the server side and
append the dbname if the switch is on.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Bruce Momjian 2002-08-01 17:27:47 Re: Trimming the Fat, Part Deux ...
Previous Message Thomas Lockhart 2002-08-01 17:21:34 Re: Trimming the Fat: Getting code via CVSup ...