On 11/05/2015 07:20 PM, Mark Rotteveel wrote:
> On Thu, 5 Nov 2015 16:07:05 +0300, Alex Peshkoff <[email protected]> wrote:
>> That's how authentication and providers work, but for management such
>> mode is not good.
>> Imagine that one can issue identical but with different password command
>> CREATE USER twice, adding users with different passwords in different
>> plugins. I do not think it's good idea.
> ...
>
>> Yes, this should work.
>> Except one detail - I've tried to keep legacy auth as 'old-style' as
>> possible, and SYSDBA for it is pre-created in security database. With
>> old password 'masterke'. I.e. you will not be able to create user sysdba
>> second time. But with SQL you may use CREATE OR ALTER which will work
>> like for any other DDL.
> I have both a Srp and legacy_auth sysdba, so it is possible to create two
> users with the same name. Could you clarify what you mean? Or is sysdba an
> exception to this?
You have removed the sample, but exactly looking at it is important for
an answer.
create user SYSDBA password 'SomethingCryptic'
using plugin legacy_auth;
In legacy table of users (plg$users) there is already user sysdba, and
therefore this command will fail. Approximately this way:
# ./isql employee
Database: employee, User: SYSDBA
SQL> create user SYSDBA password 'SomethingCryptic' using plugin
Legacy_UserManager;
Statement failed, SQLSTATE = 23000
add record error
-violation of PRIMARY or UNIQUE KEY constraint "INTEG_2" on table
"PLG$USERS"
-Problematic key value is ("PLG$USER_NAME" = 'SYSDBA')
SQL>
For any other user - please, it works.
Or something like this may be done:
SQL> create or alter user SYSDBA password 'SomethingCryptic' using
plugin Legacy_UserManager;
SQL>
------------------------------------------------------------------------------
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
