| From: | Josh Berkus <josh(at)agliodbs(dot)com> |
|---|---|
| To: | Daniel Farina <drfarina(at)acm(dot)org> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: One Role, Two Passwords |
| Date: | 2011-01-21 01:32:17 |
| Message-ID: | 4D38E221.6090501@agliodbs.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> * Eventual Retirement of old credentials without having to issue ALTER
> statements (or really statements of any kind...) against application
> schema objects.
OK, that's a different goal. You want to be able to expire passwords
with an overlap period. That's quite different from wanting an
indefinfite number of passwords per role.
Mind you, the main way to do this right now ... and where you're going
to get pushback ... is using LDAP, ActiveDirectory or similar. At a
certain point we have to draw the line and say "PostgreSQL is not an
authtenication server". I don't know exactly where that line is, but
recognize that you're arguing about where to draw it.
--
-- Josh Berkus
PostgreSQL Experts Inc.
http://www.pgexperts.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kevin Grittner | 2011-01-21 01:54:52 | Re: SSI and Hot Standby |
| Previous Message | Florian Pflug | 2011-01-21 01:25:13 | Re: SSI and Hot Standby |