Tom Lane wrote:
Magnus Hagander [EMAIL PROTECTED] writes:
Heikki Linnakangas [EMAIL PROTECTED] writes:
At least if we think it's more than a very narrow legitimate use, compared
to the number of ppl making the mistake.
Did we ever come to a conclusion on this or not? I've changed my patch
Magnus Hagander wrote:
Tom Lane wrote:
Magnus Hagander [EMAIL PROTECTED] writes:
Heikki Linnakangas [EMAIL PROTECTED] writes:
At least if we think it's more than a very narrow legitimate use, compared
to the number of ppl making the mistake.
Did we ever come to a conclusion on this
Magnus Hagander wrote:
On Wed, Oct 17, 2007 at 11:27:10AM -0400, Tom Lane wrote:
Heikki Linnakangas [EMAIL PROTECTED] writes:
There's legitimate use for creating a role with NOLOGIN and a password.
If we think that, then we shouldn't have a message at all.
At least if we think it's more
Magnus Hagander [EMAIL PROTECTED] writes:
Heikki Linnakangas [EMAIL PROTECTED] writes:
At least if we think it's more than a very narrow legitimate use, compared
to the number of ppl making the mistake.
Did we ever come to a conclusion on this or not? I've changed my patch
per the
On Sun, Oct 14, 2007 at 06:16:04PM -0400, Stephen Frost wrote:
* Tom Lane ([EMAIL PROTECTED]) wrote:
Stephen Frost [EMAIL PROTECTED] writes:
I wonder if the OP was unhappy because he created a role w/ a pw and
then couldn't figure out why the user couldn't log in?
Hm, maybe. In
* Magnus Hagander ([EMAIL PROTECTED]) wrote:
I think that's a good idea. Attached is a patch that implements this (I
think - haven't messed around in that area of the code before). Thoughts?
Cool, thanks!
My only comment is that you should probably stick to one 'zero'
convention- either
Magnus Hagander wrote:
On Sun, Oct 14, 2007 at 06:16:04PM -0400, Stephen Frost wrote:
* Tom Lane ([EMAIL PROTECTED]) wrote:
Stephen Frost [EMAIL PROTECTED] writes:
I wonder if the OP was unhappy because he created a role w/ a pw and
then couldn't figure out why the user couldn't log in?
Hm,
* Tom Lane ([EMAIL PROTECTED]) wrote:
Heikki Linnakangas [EMAIL PROTECTED] writes:
There's legitimate use for creating a role with NOLOGIN and a password.
If we think that, then we shouldn't have a message at all.
I'm not sure I agree with that. I don't agree that there's really a
Heikki Linnakangas [EMAIL PROTECTED] writes:
There's legitimate use for creating a role with NOLOGIN and a password.
If we think that, then we shouldn't have a message at all.
regards, tom lane
---(end of broadcast)---
TIP
Stephen Frost wrote:
* Tom Lane ([EMAIL PROTECTED]) wrote:
Heikki Linnakangas [EMAIL PROTECTED] writes:
There's legitimate use for creating a role with NOLOGIN and a password.
If we think that, then we shouldn't have a message at all.
I'm not sure I agree with that. I don't agree that
On Wed, Oct 17, 2007 at 05:09:25PM +0100, Dave Page wrote:
Stephen Frost wrote:
* Tom Lane ([EMAIL PROTECTED]) wrote:
Heikki Linnakangas [EMAIL PROTECTED] writes:
There's legitimate use for creating a role with NOLOGIN and a password.
If we think that, then we shouldn't have a message at
On Wed, Oct 17, 2007 at 11:27:10AM -0400, Tom Lane wrote:
Heikki Linnakangas [EMAIL PROTECTED] writes:
There's legitimate use for creating a role with NOLOGIN and a password.
If we think that, then we shouldn't have a message at all.
At least if we think it's more than a very narrow
Magnus Hagander wrote:
On Wed, Oct 17, 2007 at 05:09:25PM +0100, Dave Page wrote:
Stephen Frost wrote:
* Tom Lane ([EMAIL PROTECTED]) wrote:
Heikki Linnakangas [EMAIL PROTECTED] writes:
There's legitimate use for creating a role with NOLOGIN and a password.
If we think that, then we
Tom Lane wrote:
With the attached patch to not drop nologin roles from the flat password
file, it acts more sanely:
postgres=# create user foo nologin;
CREATE ROLE
postgres=# \c - foo
Password for user foo:
FATAL: password authentication failed for user foo
Previous connection kept
There's a gripe over here
http://archives.postgresql.org/pgsql-general/2007-10/msg00640.php
to the effect that PG should not give a message like password
authentication failure when the user is attempting to log in as a
NOLOGIN role. This surprised me because there is a specific message
for that,
On Oct 14, 2007, at 14:34 , Tom Lane wrote:
I am not entirely convinced whether we should do anything about this:
the general theory on authentication failures is that you don't say
much
about exactly why it failed, so as to not give a brute-force attacker
any info about whether he gave a
* Tom Lane ([EMAIL PROTECTED]) wrote:
We could certainly change flatfiles.c to disregard rolcanlogin, which'd
actually make the code simpler. However, that in itself wouldn't change
the behavior, unless you were to assign a password to the NOLOGIN role
which seems a fairly strange thing to
Michael Glaesemann [EMAIL PROTECTED] writes:
Would there be a difference in how this is logged and how it's
reported to the user?
Not without making all the same infrastructure changes that would be
needed to tell the user something different than now. As things stand,
the password auth code
Stephen Frost [EMAIL PROTECTED] writes:
* Tom Lane ([EMAIL PROTECTED]) wrote:
... I think what the OP wishes
is that not permitted to log in would be checked before checking
password validity, and to do that we'd have to add rolcanlogin
to the flat password file and put the check somewhere
I wrote:
Stephen Frost [EMAIL PROTECTED] writes:
I wonder if the OP was unhappy because he created a role w/ a pw and
then couldn't figure out why the user couldn't log in?
Hm, maybe. In that case just not filtering the entry out of the flat
file would be good enough.
I've confirmed the
Tom Lane wrote:
Should we just do this, or is it worth working harder?
Not worth more, IMNSHO.
cheers
andrew
---(end of broadcast)---
TIP 9: In versions below 8.0, the planner will ignore your desire to
* Tom Lane ([EMAIL PROTECTED]) wrote:
Stephen Frost [EMAIL PROTECTED] writes:
I wonder if the OP was unhappy because he created a role w/ a pw and
then couldn't figure out why the user couldn't log in?
Hm, maybe. In that case just not filtering the entry out of the flat
file would be
22 matches
Mail list logo