Re: [HACKERS] Password sub-process ...

2002-08-02 Thread Sander Steffann
Hi, > I am wondering if we could have a configure-time or install-time > option to make pg_shadow (and pg_group I guess) be database-local > instead of installation-wide. I am not sure about the implications > of this --- in particular, is the notion of a database owner still > meaningful? How

Re: [HACKERS] Password sub-process ...

2002-07-30 Thread Peter Eisentraut
Neil Conway writes: > However, it would be useful to be able to do something like this -- how > about something like the following: > > - the auth system contains a list of 'auth domains' -- an identifier > similar to a schema name > > - the combination of (domain, username) must be

Re: [HACKERS] Password sub-process ...

2002-07-30 Thread Tom Lane
Bruce Momjian <[EMAIL PROTECTED]> writes: > OK, I have one idea. Right now the file format for usernames can be: But this is just reimplementing the original functionality, which was quite broken IMHO. The setup Marc is describing doesn't really have users per-database, it's only faking it. An

Re: [HACKERS] Password sub-process ...

2002-07-30 Thread Bruce Momjian
Marc G. Fournier wrote: > so, I can easily do something like: > > host database bruce IP1 > host database bruce IP2 > > and know that client on IP1 can't look at client on IP2's database, even > with the same user ... but in a VH environment, you have: > > host database bruce IP1 > host database

Re: [HACKERS] Password sub-process ...

2002-07-30 Thread Hannu Krosing
On Tue, 2002-07-30 at 16:55, Marc G. Fournier wrote: > On Tue, 30 Jul 2002, Andrew Sullivan wrote: > > > On Tue, Jul 30, 2002 at 12:43:52AM -0300, Marc G. Fournier wrote: > > > > > since as soon as there are two 'bruce' users, only one can have a password > > > > I guess I don't understand why th

Re: [HACKERS] Password sub-process ...

2002-07-30 Thread Joe Conway
Marc G. Fournier wrote: > I think that is the problem with everyone's "thinking" ... they are only > dealing with 'small servers', where it only has a couple of databases ... > I'm currently running a server with >100 domains on it, each one with *at > least* one database ... each one of those dom

Re: [HACKERS] Password sub-process ...

2002-07-30 Thread Neil Conway
On Tue, Jul 30, 2002 at 11:55:55AM -0300, Marc G. Fournier wrote: > I think that is the problem with everyone's "thinking" ... they are only > dealing with 'small servers', where it only has a couple of databases ... > I'm currently running a server with >100 domains on it, each one with *at > lea

Re: [HACKERS] Password sub-process ...

2002-07-30 Thread Thomas Lockhart
> ... amongst all the various 'bruce's... Hmm. The "Monty Python scenario"? :) - Thomas

Re: [HACKERS] Password sub-process ...

2002-07-30 Thread Marc G. Fournier
On Tue, 30 Jul 2002, Andrew Sullivan wrote: > On Tue, Jul 30, 2002 at 12:43:52AM -0300, Marc G. Fournier wrote: > > > since as soon as there are two 'bruce' users, only one can have a password > > I guess I don't understand why that's a problem. I mean, if you're > authenticating users, how can

Re: [HACKERS] Password sub-process ...

2002-07-30 Thread Hannu Krosing
On Tue, 2002-07-30 at 10:40, Marc G. Fournier wrote: > On Tue, 30 Jul 2002, Bruce Momjian wrote: > > > Marc G. Fournier wrote: > > > You seem to have done a nice job with the + and @ for 'maps' ... how about > > > third on that states that the map file has a username:password pair in it? > > > >

Re: [HACKERS] Password sub-process ...

2002-07-29 Thread Marc G. Fournier
On Tue, 30 Jul 2002, Bruce Momjian wrote: > Marc G. Fournier wrote: > > You seem to have done a nice job with the + and @ for 'maps' ... how about > > third on that states that the map file has a username:password pair in it? > > > > I do like how the pg_hba.conf has changed, just don't like the

Re: [HACKERS] Password sub-process ...

2002-07-29 Thread Bruce Momjian
Marc G. Fournier wrote: > You seem to have done a nice job with the + and @ for 'maps' ... how about > third on that states that the map file has a username:password pair in it? > > I do like how the pg_hba.conf has changed, just don't like the loss of > functionality :( OK, but the only logic f

Re: [HACKERS] Password sub-process ...

2002-07-29 Thread Marc G. Fournier
On Tue, 30 Jul 2002, Bruce Momjian wrote: > Tom Lane wrote: > > Bruce Momjian <[EMAIL PROTECTED]> writes: > > > Tom Lane wrote: > > >> Uh, we've *never* supported "two bruce users" ... > > > > > He was being tricky by having different passwords for the same user on > > > each database, so one use

Re: [HACKERS] Password sub-process ...

2002-07-29 Thread Marc G. Fournier
On Tue, 30 Jul 2002, Bruce Momjian wrote: > Tom Lane wrote: > > "Marc G. Fournier" <[EMAIL PROTECTED]> writes: > > > First and foremost in my mind ... how do you have two users in the system > > > with separate passwords? ... > > > since as soon as there are two 'bruce' users, only one can have

Re: [HACKERS] Password sub-process ...

2002-07-29 Thread Marc G. Fournier
On Tue, 30 Jul 2002, Tom Lane wrote: > "Marc G. Fournier" <[EMAIL PROTECTED]> writes: > > First and foremost in my mind ... how do you have two users in the system > > with separate passwords? ... > > since as soon as there are two 'bruce' users, only one can have a password > > Uh, we've *never

Re: [HACKERS] Password sub-process ...

2002-07-29 Thread Bruce Momjian
Tom Lane wrote: > Bruce Momjian <[EMAIL PROTECTED]> writes: > > Tom Lane wrote: > >> Uh, we've *never* supported "two bruce users" ... > > > He was being tricky by having different passwords for the same user on > > each database, so one user couldn't get into the other database, even > > though

Re: [HACKERS] Password sub-process ...

2002-07-29 Thread Bruce Momjian
Tom Lane wrote: > Bruce Momjian <[EMAIL PROTECTED]> writes: > > Tom Lane wrote: > >> Uh, we've *never* supported "two bruce users" ... > > > He was being tricky by having different passwords for the same user on > > each database, so one user couldn't get into the other database, even > > though

Re: [HACKERS] Password sub-process ...

2002-07-29 Thread Bruce Momjian
Tom Lane wrote: > "Marc G. Fournier" <[EMAIL PROTECTED]> writes: > > First and foremost in my mind ... how do you have two users in the system > > with separate passwords? ... > > since as soon as there are two 'bruce' users, only one can have a password > > Uh, we've *never* supported "two bruc

Re: [HACKERS] Password sub-process ...

2002-07-29 Thread Tom Lane
Bruce Momjian <[EMAIL PROTECTED]> writes: > Tom Lane wrote: >> Uh, we've *never* supported "two bruce users" ... > He was being tricky by having different passwords for the same user on > each database, so one user couldn't get into the other database, even > though it was the same name. But the

Re: [HACKERS] Password sub-process ...

2002-07-29 Thread Bruce Momjian
Tom Lane wrote: > "Marc G. Fournier" <[EMAIL PROTECTED]> writes: > > First and foremost in my mind ... how do you have two users in the system > > with separate passwords? ... > > since as soon as there are two 'bruce' users, only one can have a password > > Uh, we've *never* supported "two bruc

Re: [HACKERS] Password sub-process ...

2002-07-29 Thread Tom Lane
"Marc G. Fournier" <[EMAIL PROTECTED]> writes: > First and foremost in my mind ... how do you have two users in the system > with separate passwords? ... > since as soon as there are two 'bruce' users, only one can have a password Uh, we've *never* supported "two bruce users" ... users have alwa

Re: [HACKERS] Password sub-process ...

2002-07-29 Thread Bruce Momjian
Marc G. Fournier wrote: > On Mon, 29 Jul 2002, Bruce Momjian wrote: > > > Actually, it is replaced by encrypted pg_shadow by default in 7.3, and > > the new USER (users or groups) column in pg_hba.conf that will be in 7.3 > > that can restrict based on user/group. This replaces the use of the >

Re: [HACKERS] Password sub-process ...

2002-07-29 Thread Marc G. Fournier
On Mon, 29 Jul 2002, Bruce Momjian wrote: > Actually, it is replaced by encrypted pg_shadow by default in 7.3, and > the new USER (users or groups) column in pg_hba.conf that will be in 7.3 > that can restrict based on user/group. This replaces the use of the > secondary file for just usernames.

Re: [HACKERS] Password sub-process ...

2002-07-29 Thread Bruce Momjian
Marc G. Fournier wrote: > On Mon, 29 Jul 2002, Bruce Momjian wrote: > > > Marc G. Fournier wrote: > > > > > > Something to maybe add to the TODO list, if someone has the > > > time/inclination to work on it ... > > > > > > The problem with the current auth system, as I see it, is that you can't >

Re: [HACKERS] Password sub-process ...

2002-07-29 Thread Marc G. Fournier
On Mon, 29 Jul 2002, Bruce Momjian wrote: > Marc G. Fournier wrote: > > > > Something to maybe add to the TODO list, if someone has the > > time/inclination to work on it ... > > > > The problem with the current auth system, as I see it, is that you can't > > easily have separate user lists and p

Re: [HACKERS] Password sub-process ...

2002-07-29 Thread Bruce Momjian
Marc G. Fournier wrote: > > Something to maybe add to the TODO list, if someone has the > time/inclination to work on it ... > > The problem with the current auth system, as I see it, is that you can't > easily have separate user lists and passwords per database ... it's shared > across the syste

Re: [HACKERS] Password sub-process ...

2002-07-29 Thread Bruce Momjian
Bruno Wolff III wrote: > On Fri, Jul 26, 2002 at 13:55:58 -0300, > "Marc G. Fournier" <[EMAIL PROTECTED]> wrote: > > > > As an example ... at the University I work at, we've started to use PgSQL > > for more and more of our internal stuff, and/or let the students start to > > use it for their p

Re: [HACKERS] Password sub-process ...

2002-07-26 Thread Roderick A. Anderson
On Fri, 26 Jul 2002, Jan Wieck wrote: > What would be good is IMHO to have GRANT|REVOKE CONNECT which defaults > to REVOKE, so only superusers and the DB owner can connect, but that the > owner later can change it without the need to edit hba.conf. Oh, yes. Me too please. I think something clo

[HACKERS] Password sub-process ...

2002-07-26 Thread Marc G. Fournier
Something to maybe add to the TODO list, if someone has the time/inclination to work on it ... The problem with the current auth system, as I see it, is that you can't easily have separate user lists and passwords per database ... it's shared across the system ... The closest you can get is to h

Re: [HACKERS] Password sub-process ...

2002-07-26 Thread Bruno Wolff III
On Fri, Jul 26, 2002 at 10:48:53 -0300, "Marc G. Fournier" <[EMAIL PROTECTED]> wrote: > > Something to maybe add to the TODO list, if someone has the > time/inclination to work on it ... > > The problem with the current auth system, as I see it, is that you can't > easily have separate user li

Re: [HACKERS] Password sub-process ...

2002-07-26 Thread Rod Taylor
On Fri, 2002-07-26 at 12:55, Marc G. Fournier wrote: > On Fri, 26 Jul 2002, Tom Lane wrote: > > > Rod Taylor <[EMAIL PROTECTED]> writes: > > > This still doesn't allow john on db1 to be a different user than john on > > > db2. To accomplish that (easily) we still need to install different > > >

Re: [HACKERS] Password sub-process ...

2002-07-26 Thread Jan Wieck
"Marc G. Fournier" wrote: > > Something to maybe add to the TODO list, if someone has the > time/inclination to work on it ... > > The problem with the current auth system, as I see it, is that you can't > easily have separate user lists and passwords per database ... it's shared > across the sys