Marc G. Fournier wrote:
> On Mon, 29 Jul 2002, Bruce Momjian wrote:
>
> > Marc G. Fournier wrote:
> > >
> > > Something to maybe add to the TODO list, if someone has the
> > > time/inclination to work on it ...
> > >
> > > The problem with the current auth system, as I see it, is that you can't
> > > easily have seperate user lists and passwords per database ... its shared
> > > across the system ...
> > >
> > > The closest you can get is to have a database defined as 'password' in
> > > pg_hba.conf, with an external password file from pg_shadow, which, for the
> > > most part, is good ... but it doesn't lend itself well to a 'hands off'
> > > server ...
> >
> > Actually, that is removed in 7.3. It was too weird a syntax and format
> > and the original idea of sharing /etc/passwd there didn't work anymore
> > on most systems.
>
> whoa ... what replaced it? weird it might have been, but it worked great
> if you knew about it ...
Well, I asked and no one answered. ;-)
Actually, it is replaced by encrypted pg_shadow by default in 7.3, and
the new USER (users or groups) column in pg_hba.conf that will be in
7.3 that can restrict based on user/group. This replaces the use of the
secondary file for just usernames. You can now specify a filename in
pg_hba.conf listing these. Would you look over the pg_hba.conf in CVS
and tell me what additional things are needed.
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill,
Pennsylvania19026