Folks, Jeremy handed me an interesting feature proposal at last night's SFPUG meeting.
PG authentication methods ought to have drop-downs to other authentication methods, in the same manner as SSH and PAM. The idea would be this, if you had the following in your pg_hba.conf: somedb jeremy 23.165.22.198 255.255.255.255 kerberos somedb jeremy 23.165.22.198 255.255.255.255 md5 Then, when jeremy tries to connect to somedb from 23.165.22.198, the system would first try kerberos authentication, and if that fails offer an md5 password login. Only when the system ran out of applicable lines in pg_hba.conf would the user be rejected. Any reason why this is a bad idea? It would improve the lives of a lot of kerberos and SSL users who have to deal with flaky authentication issues. -- -Josh Berkus Aglio Database Solutions San Francisco ---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster
