Re: Allow cluster owner to bypass authentication

From: David Steele <david(at)pgmasters(dot)net>
To: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Allow cluster owner to bypass authentication
Date: 2020-04-06 18:12:54
Lists: pgsql-hackers

On 4/5/20 6:15 AM, Peter Eisentraut wrote:
> On 2020-03-27 15:58, David Steele wrote:
>> Hi Peter,
>> On 12/27/19 3:22 PM, Stephen Frost wrote:
>>> * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
>>>> I think it'd be great if this behavior could be implemented
>>>> within the notation, because we could then just set up a
>>>> non-empty default pg_ident.conf with useful behavioral
>>>> examples in the form of prefab maps.  In particular, we
>>>> should think about how hard it is to do "I want the default
>>>> behavior plus allow joe to connect as charlie".  If the
>>>> default is a one-liner that you can copy and add to,
>>>> that's a lot better than if you have to reverse-engineer
>>>> what to write.
>>> This direction certainly sounds more appealing to me.
>> Any thoughts on the discussion between Stephen and Tom?
> It appears that the whole discussion of what a new default security
> configuration could or should be hasn't really moved to a new consensus,
> so given the time, I think it's best that we leave things as they are
> and continue the exploration at some future time.

Sounds good. I've marked the patch RwF.

