Bruce Momjian <pgman@candle.pha.pa.us> writes:
>> It's a pretty crude hack, since there isn't any support for updating
>> the secondary password files except via manual editing done by the
>> dbadmin. But I wouldn't be in favor of taking it out until we can
>> replace that functionality elsewhere.

> We have pg_passwd which does allow updating of the files.

Say again? I see a pg_shadow table and a pg_user view of it.
No pg_passwd table.

Since pg_shadow can't hold more than one password per user, it's
fundamentally incapable of supporting this function.

If we wanted to handle this better, I'd be inclined to remove passwords
from pg_shadow (then the need for a separate pg_user view would go away)
and make a pg_passwd table holding <username, dbname, password> triples
with some provision for an "any other db" wildcard. (Not dbname = NULL,
because we'd want to treat <username, dbname> as primary key. Maybe
dbname = '*' would be OK.) There'd need to be two flat files for the
postmaster to consult, one shadowing each of these tables.

Peter may already have better ideas as part of his protection-system
rework, though.

regards, tom lane
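
The <username, dbname, password> lookup proposed in the message above, sketched as an added example (not code from the message or from PostgreSQL). Assumptions: SQLite stands in for the system catalog, the helper names are hypothetical, the sample users are constructed, and the password column holds a salted PBKDF2 verifier, which the message does not specify.

```python
import hashlib
import hmac
import os
import sqlite3

def make_verifier(password, salt=None):
    """Return salt || PBKDF2-HMAC-SHA256 digest (storage format is an assumption)."""
    salt = salt or os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def open_store():
    """Create the proposed table; <username, dbname> is the primary key."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""
        CREATE TABLE pg_passwd (
            username TEXT NOT NULL,
            dbname   TEXT NOT NULL,  -- '*' means "any other db"; NULL cannot be a key value
            password BLOB NOT NULL,
            PRIMARY KEY (username, dbname)
        )""")
    return conn

def set_password(conn, username, dbname, password):
    """Insert or overwrite the single row for this <username, dbname> pair."""
    conn.execute("INSERT OR REPLACE INTO pg_passwd VALUES (?, ?, ?)",
                 (username, dbname, make_verifier(password)))

def check_password(conn, username, dbname, password):
    """Check against the exact-db row if one exists, otherwise the '*' row."""
    row = conn.execute(
        """SELECT password FROM pg_passwd
           WHERE username = ? AND dbname IN (?, '*')
           ORDER BY (dbname = '*') LIMIT 1""",  # exact match sorts before '*'
        (username, dbname)).fetchone()
    if row is None:
        return False  # no row for this user: reject
    stored = bytes(row[0])
    candidate = make_verifier(password, stored[:16])
    # Constant-time comparison; a failed exact-db check never falls back to '*'.
    return hmac.compare_digest(stored, candidate)

if __name__ == "__main__":
    db = open_store()
    set_password(db, "alice", "*", "general-pw")    # constructed sample data
    set_password(db, "alice", "sales", "sales-pw")
    print(check_password(db, "alice", "sales", "sales-pw"))
    print(check_password(db, "alice", "sales", "general-pw"))
    print(check_password(db, "alice", "hr", "general-pw"))
```
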