Re: Password sub-process ...
От | Marc G. Fournier |
---|---|
Тема | Re: Password sub-process ... |
Дата | |
Msg-id | 20020730002544.L3083-100000@mail1.hub.org обсуждение исходный текст |
Ответ на | Re: Password sub-process ... (Bruce Momjian <pgman@candle.pha.pa.us>) |
Ответы |
Re: Password sub-process ...
(Bruce Momjian <pgman@candle.pha.pa.us>)
Re: Password sub-process ... (Tom Lane <tgl@sss.pgh.pa.us>) |
Список | pgsql-hackers |
On Mon, 29 Jul 2002, Bruce Momjian wrote: > Actually, it is replaced by encrypted pg_shadow by default in 7.3, and > the new USER (users or groups) column in pg_hba.conf that will be in 7.3 > that can restrict based on user/group. This replaces the use of the > secondary file for just usernames. You can now specify a filename in > pg_hba.conf listing these. Would you look over the pg_hba.conf in CVS > and tell me what additional things are needed. Wow, what a change ... some nice stuff in there, mind you, but unless I'm missing something, you've thrown out some *major* functionality that we had before :( And since I missed this, its quite possible that i am missing something :) First and foremost in my mind ... how do you have two users in the system with seperate passwords? For instance, I have an application that right now that each authenticated user has a seperate userid/pass in pg_user ... this doesn't deal will with running multiple instances of this app on the same instance of PgSQL, since as soon as there are two 'bruce' users, only one can have a password ... I could run two instances of PgSQL, but then you have to split the resources between the two, instead of, for instance, having one great big shared memory pool attached to one instance to cover both ... So, I recode the app (yes, I have an app that was coded like this that I have to fix ... we weren't thinking when we wrote that section) so that when I add a new user to the application it does two things: 1. adds the username to pg_user *if* required2. adds the username/password to a "password" file specific to that instanceof the application So, unless I've missed something, in v7.3, this won't be possible? Somehow, I need to be able to have two users Bruce in pg_users, each with seperate passwords, with Bruce with pass1 having access to database1 and Bruce with pass2 having access to database2 ... Now, to knock out some thoughts here ... would it be possible to add a field to pg_{user,shadow} to state what database that userid/passwd pair belongs to? so, if AUTHTYPE == md5 or password, authentication would be based on all those users that 'belong' to that database? This could add the ability for a database owner to easily add a user for his/her database, in that if a user is created within a specific database by a non-superuse account, it automatically assigns that user to that database? CREATE USER would have an extra, option paramater of 'FOR <database>'?
В списке pgsql-hackers по дате отправления:
Предыдущее
От: Bruce MomjianДата:
Сообщение: Re: Question about LWLockAcquire's use of semaphores instead