Hi, I've just recently upgraded to postgrsql 9.1 and also hit bug #5763. Having +group not match all superusers is essential to be able to assign different authentication backends to different superusers with needing to edit configuration files on the radius host system. E.g. to be able to authenticate some against ldap services and some against the password stored in the database, so the superusers can opt into the central authentication system if they want to. With the old postgresql version, all user managers would only need postgresql tcp access, no access to files or similar.
Could the different behaviour (superusers matching all/not all group entries in hba.conf) perhaps become a configuration item? Regards, M. Braun -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers