| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: rolcanlogin vs. the flat password file |
| Date: | 2007-10-14 20:51:12 |
| Message-ID: | 20071014205112.GJ5031@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> We could certainly change flatfiles.c to disregard rolcanlogin, which'd
> actually make the code simpler. However, that in itself wouldn't change
> the behavior, unless you were to assign a password to the NOLOGIN role
> which seems a fairly strange thing to do. I think what the OP wishes
> is that "not permitted to log in" would be checked before checking
> password validity, and to do that we'd have to add rolcanlogin
> to the flat password file and put the check somewhere upstream of the
> authentication process.
I wonder if the OP was unhappy because he created a role w/ a pw and
then couldn't figure out why the user couldn't log in? I've run into
that in the past and it takes some leg-work to figure out what's going
on. A warning on a 'create role' or 'alter role' command which sets a
password when 'rolcanlogin' is false might be an alternative way to
'fix' this.
In general, I would say that it's correct to say 'invalid
authentication'/'bad pw' until the user is authenticated and then say
'not permitted to log in' if they're not authorized (don't have
rolcanlogin), which is I think what we do. That combined with the
warning above would, I think, cover most of problem cases.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-10-14 20:56:25 | Re: rolcanlogin vs. the flat password file |
| Previous Message | Michael Glaesemann | 2007-10-14 20:09:58 | Re: rolcanlogin vs. the flat password file |