| From: | Michael Braun <michael(dot)braun(at)fem(dot)tu-ilmenau(dot)de> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Cc: | admindb(at)fem(dot)tu-ilmenau(dot)de |
| Subject: | Re: superusers are members of all roles? |
| Date: | 2012-08-14 21:03:41 |
| Message-ID: | 502ABD2D.7000002@fem.tu-ilmenau.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
I've just recently upgraded to postgrsql 9.1 and also hit bug #5763.
Having +group not match all superusers is essential to be able to assign
different authentication backends to different superusers with needing
to edit configuration files on the radius host system. E.g. to be able
to authenticate some against ldap services and some against the password
stored in the database, so the superusers can opt into the central
authentication system if they want to. With the old postgresql version,
all user managers would only need postgresql tcp access, no access to
files or similar.
Could the different behaviour (superusers matching all/not all group
entries in hba.conf) perhaps become a configuration item?
Regards,
M. Braun
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2012-08-14 21:34:02 | Re: TRUE/FALSE vs true/false |
| Previous Message | Kevin Grittner | 2012-08-14 20:26:30 | Re: default_isolation_level='serializable' crashes on Windows |