Marc G. Fournier wrote: > On Mon, 29 Jul 2002, Bruce Momjian wrote: > > > Marc G. Fournier wrote: > > > > > > Something to maybe add to the TODO list, if someone has the > > > time/inclination to work on it ... > > > > > > The problem with the current auth system, as I see it, is that you can't > > > easily have seperate user lists and passwords per database ... its shared > > > across the system ... > > > > > > The closest you can get is to have a database defined as 'password' in > > > pg_hba.conf, with an external password file from pg_shadow, which, for the > > > most part, is good ... but it doesn't lend itself well to a 'hands off' > > > server ... > > > > Actually, that is removed in 7.3. It was too weird a syntax and format > > and the original idea of sharing /etc/passwd there didn't work anymore > > on most systems. > > whoa ... what replaced it? weird it might have been, but it worked great > if you knew about it ...
Well, I asked and no one answered. ;-) Actually, it is replaced by encrypted pg_shadow by default in 7.3, and the new USER (users or groups) column in pg_hba.conf that will be in 7.3 that can restrict based on user/group. This replaces the use of the secondary file for just usernames. You can now specify a filename in pg_hba.conf listing these. Would you look over the pg_hba.conf in CVS and tell me what additional things are needed. -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026 ---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster