On Thu, 2002-08-01 at 16:17, Tom Lane wrote: > Hannu Krosing <[EMAIL PROTECTED]> writes: > > This name mangling should be done at connect time and kept out of > > database, where each users name should always be fully resolved > > ([EMAIL PROTECTED]). > > I really like Hannu's approach to this. It seems to solve Marc's > problem with a very simple, easily understood, easily implemented > feature. All we need is a postmaster configuration parameter that > (when TRUE) causes the postmaster to convert the passed username > into 'username@databasename' before looking it up in pg_shadow. > > (Actually, what I'd prefer it do is try first for username, and > then username@databasename if plain username isn't found.)
This should not really be @databasename, but rather a @domainname as Mark does in fact want to use the same user from some virtual host (==domain) for more than one database sometimes. Using databasename as a domainname is just the quickest way to resolve the domainname if no more info about it is given. Thinking of the @xxx part as a domainname and not tying it to databasename would be beneficial in case we later want to use other kinds of domains (like NT, DNS/mail, YP or Kerberos domains for example) If need arises we could later split out the @xxx part to "usedomain" field and perhaps also add "usedomainkind" field in order to manage that info in databse instead of pg_hba.conf. ----------------- Hannu ---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster
