Re: MD5 authentication needs help

* Jim Nasby (Jim(dot)Nasby(at)BlueTreble(dot)com) wrote:
> On 3/5/15 2:17 PM, Stephen Frost wrote:
> >* Jim Nasby (Jim(dot)Nasby(at)BlueTreble(dot)com) wrote:
> >I'm all for it, though I would ask that we provide a way for superusers
> >to delegate the ability to reset locked accounts to non-superusers.
> >
> >I'd want to think about it a bit more before settling on using pg_authid
>
> I guess it's a question of how durable we want it to be. We could
> conceivable keep it in shared memory and let it wipe on a crash.
>
> But we already have code that ignores MVCC on a catalog table (IIRC
> for updating pg_class stats after vacuum) so the pattern is there. I
> don't see that we need more sophistication than that...

I'm not sure we should jump to that immediately..

> >to track the data. In any case, I do think we need a way to disable
> >this ability for certain roles
>
> In the interest of something for this release... do we really need
> that? My thought is we just special-case the postgres user and be
> done with it. Though, if there's some other way to reset an account
> from the shell, no need to even special case postgres.

I don't think this is going to happen for 9.5 unless someone shows up
with code in the *very* short term.. Further, realistically, we would
want to design this properly and not just hack something together.

> Though, I guess if we just follow the normal GUC behavior of
> allowing per-database and -user overrides it wouldn't be that hard.

Yes, using the GUC-based approach would allow users to be excluded from
an overall (or per-database) policy.

Thanks,

Stephen