Ron Snyder wrote: > > As for 7.3, maybe we can get that done in time of everyone > > likes it. If > > we can't, what do we do? Do we re-add the secondary password > > file stuff > > that most people don't like? My big question is how many other > > PostgreSQL users figured out they could use the secondary > > password file > > for username/db restrictions? I never thought of it myself. Maybe I > > should ask on general. > > Unless I'm misunderstanding you, we use it and like it. We have several > servers on one machine that all access the same password file (we have it > softlinked). If we need to create a user that accesses only one cluster, > then they get added to the file and created in the specific cluster. If > that user then needs access to a different cluster, they just need to be > added to the new cluster. > > The reason this is beneficial for us is because we then have the ability to > have postgres only user accounts, as well as accounts from YP. When the YP > user changes their unix password in YP, their postgres db account password > changes as well (via cronjob). > > There are fewer passwords for them to manage in this way, but we still get > the benefit of greater separation between clusters. > > Let me know if you want more information about how we use it (or if I > misunderstood). What is it that people _don't_ like?
OK, how do secondary passwords work in pg_hba.conf. It requires clear-text 'password', right, because the password is already crypt-ed in the file. Here you are using it for something different, where one file is used for multiple clusters. Interesting. The current code allows you to point to a file for a list of users, which could be symlinked, so that is handled. The only part not handled is the password part. One idea I had was to look for a colon in the username, and if I see one, I assume everything after the colon is a password. Would that work for you? -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026 ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
