| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> | 
|---|---|
| To: | Jodi Kanter <jkanter(at)virginia(dot)edu> | 
| Cc: | Postgres Admin List <pgsql-admin(at)postgresql(dot)org> | 
| Subject: | Re: pg_hba.conf file | 
| Date: | 2002-09-03 19:04:26 | 
| Message-ID: | 200209031904.g83J4Qr12305@candle.pha.pa.us | 
| Lists: | pgsql-admin | 
7.3, due out in a few months, has several solutions to this. First, you
can list usernames directly in pg_hba.conf, and filenames containing
usernames, and lists of files containing usernames, so you can have
@file1,@file2.  I don't know a way to specify multiple filenames in
7.2.X.

I am attaching the new pg_hba.conf contents so you can see what is
possible and comment on how it meets your needs.
---------------------------------------------------------------------------
Jodi Kanter wrote:
> My current pg_hba.conf file looks like this:
> 
> local         genex                         password  pgpasswords_genex
> host          genex       127.0.0.1   255.255.255.255  password pgpasswords_genex
> 
> 
> local        herr_lab                         password  pgpasswords_herr_lab
> host         herr_lab      127.0.0.1     255.255.255.255  password pgpasswords_herr_lab
> 
> "genex" and "herr_lab" are two separate databases which are used by two different departments. I set my pg_hba.conf file up this way to ensure that only the logins within the "pgpasswords_genex" file could access the genex database. And similarly for the herr_lab database - I only wanted user IDs within the pgpasswords_herr_lab file to access the herr_lab database.
> 
> The problem here is that template1 is not mentioned and therefore commands like dropdb and createdb are not functioning. I tried adding the following lines:
> 
> local         template1                     password  pgpasswords_genex
> local         template1                     password  pgpasswords_herr_lab
> 
> The problem here is that the system seems to ignore the second line. The logins within the "pgpasswords_genex" file can now create and drop databases but the users in "pgpasswords_herr_lab" cannot. 
> 
> I would like to set it up such that only the genex users (with db creation permissions) can add or drop the genex database and only the herr_lab users (with db create permissions) can add or drop the herr_lab database.
> 
> Is this possible? Can I get the system to recognize both pgpasswords files when referencing template1? Is there a better way to accomplish my goal? 
> I recall a message posted somewhat recently regarding the pg_passwd utility. Is there some security flaw that I need to be aware of?
> Thanks for your help.
> Jodi
>  
> 
> _______________________________
> Jodi L Kanter
> BioInformatics Database Administrator
> University of Virginia
> (434) 924-2846
> jkanter(at)virginia(dot)edu
-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
| Attachment | Content-Type | Size | 
|---|---|---|
| unknown_filename | text/plain | 9.5 KB | 
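
Added example (not part of the original message and not PostgreSQL's own code): a simplified Python model of pg_hba.conf's first-match record selection, showing why the second template1 line in the quoted 7.2 configuration is never reached and how a user column with @file lists, as described for 7.3, makes both records reachable. It models only `local` records with a literal database name; the 7.3-style records, file names and user names are constructed for illustration.

```python
# Simplified model of pg_hba.conf record selection (added illustration).
# Only "local" records are modelled; user files are constructed samples.

def parse_local(line, has_user_column):
    """Split a 'local' record into (database, user_entries, method, argument)."""
    f = line.split()
    if f[0] != "local":
        raise ValueError("only 'local' records are modelled: " + line)
    if has_user_column:   # 7.3 layout: local DATABASE USER METHOD [ARG]
        db, users, rest = f[1], f[2].split(","), f[3:]
    else:                 # 7.2 layout: local DATABASE METHOD [ARG]
        db, users, rest = f[1], ["all"], f[2:]
    return db, users, rest[0], (rest[1] if len(rest) > 1 else None)

def user_matches(entries, user, files):
    """An entry is 'all', a literal user name, or @file naming a user list."""
    for e in entries:
        if e in ("all", user):
            return True
        if e.startswith("@") and user in files.get(e[1:], ()):
            return True
    return False

def select_record(lines, db, user, has_user_column, files=None):
    """Index of the first record matching (db, user), or None.
    The first match is final; later records are never consulted."""
    for i, line in enumerate(lines):
        rdb, users, _method, _arg = parse_local(line, has_user_column)
        if rdb in ("all", db) and user_matches(users, user, files or {}):
            return i
    return None

# The two template1 lines from the message (7.2 layout, no user column).
HBA_72 = ["local template1 password pgpasswords_genex",
          "local template1 password pgpasswords_herr_lab"]
# Constructed 7.3-style records; file and user names are hypothetical.
HBA_73 = ["local template1 @genex_users md5",
          "local template1 @herr_lab_users md5"]
USER_FILES = {"genex_users": {"alice"}, "herr_lab_users": {"bob"}}

def reachable(lines, has_user_column, files=None):
    """Record indexes that at least one sample user can ever reach."""
    hits = (select_record(lines, "template1", u, has_user_column, files)
            for u in ("alice", "bob"))
    return {h for h in hits if h is not None}

if __name__ == "__main__":
    print("7.2 reachable records:", reachable(HBA_72, False))             # {0}
    print("7.3 reachable records:", reachable(HBA_73, True, USER_FILES))  # {0, 1}
```

A record index missing from the reachable set marks a line that an earlier record shadows, which is worth checking for whenever two records share the same type and database.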