Skip site navigation (1) Skip section navigation (2)

Re: WIP: remove use of flat auth file for client authentication

From: Greg Stark <gsstark(at)mit(dot)edu>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: WIP: remove use of flat auth file for client authentication
Date: 2009-08-29 08:51:50
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
On Sat, Aug 29, 2009 at 6:00 AM, Tom Lane<tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Attached is a patch that removes the use of the flat auth file during
> client authentication, instead using regular access to the pg_auth
> catalogs.  As previously discussed, this implies pushing the
> authentication work down to InitPostgres.  I didn't yet do anything
> about the idea of falling back to connecting to "postgres" when the
> specified target DB doesn't exist, but other than that small change
> I think it's about ready to go.

Falling back to connecting to "postgres" seems unnecessarily complex to me.

> Another interesting point is that for this to work, those signal
> interrupts have to actually be enabled (doh) ... and up to now we have
> been running InitPostgres with most signals disabled.  I suspect that
> this means some things are actively broken during InitPostgres's initial
> transaction --- for example, if it happens to try to take a lock that
> completes a deadlock cycle, the deadlock won't be detected because the
> lock timeout SIGALRM interrupt will never occur.  Another example is
> that SI inval messaging isn't working during InitPostgres either.
> The patch addresses this by moving up PostgresMain's
> PG_SETMASK(&UnBlockSig); call to before InitPostgres.  We might need to
> back-patch that bit, though I'm hesitant to fool with such a thing in
> back branches.

The deadlock can only fail to be detected by someone else if the whole
initpostgres thing takes longer than deadlock_timout I think. So it
doesn't seem very likely. Not sure how likely problems due to missed
SI messages are.

> Thoughts, objections, better ideas?
>                        regards, tom lane
> --
> Sent via pgsql-hackers mailing list (pgsql-hackers(at)postgresql(dot)org)
> To make changes to your subscription:


In response to


pgsql-hackers by date

Next:From: Martijn van OosterhoutDate: 2009-08-29 09:02:43
Subject: Re: [pgsql-hackers] Daily digest v1.9418 (15 messages)
Previous:From: Tom LaneDate: 2009-08-29 05:00:41
Subject: WIP: remove use of flat auth file for client authentication

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group