Re: Password-file caching is broken

> The password-file cache implemented by src/backend/libpq/crypt.c is
> now dysfunctional, because it is only loaded when a password check is
> requested, which is after the postmaster's child process has forked
> away from the postmaster. The cache is always empty in the postmaster,
> and every new backend will read up and cache the whole file before
> probing the cache ... once.

Yikes.

> One fairly reasonable solution would be to have the postmaster load
> the cache when receiving SIGHUP (when it also reloads its other config
> files). Then we could remove the password-file-reload-flag-file
> mechanism in favor of just kill(getppid(), SIGHUP), a mechanism we
> already use in other places.

I like kill() much better. I never liked that file-flag thing.

> If we don't do that, I am strongly inclined to remove the password cache
> mechanism and just allow the code to reread pg_pwd when checking a
> password.
>
> If we do keep the cache, I think I will also tweak crypt.c to store
> the cache in PostmasterContext palloc space, rather than malloc space,
> so that it will be freed when entering a new backend.

Good idea.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026