From: | Michael Banck <mbanck(at)gmx(dot)net> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>, Volker Aßmann <volker(dot)assmann(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Andrew Dunstan <andrew(at)dunslane(dot)net>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Disabling trust/ident authentication configure option |
Date: | 2015-05-20 23:09:26 |
Message-ID: | 20150520230925.GB11196@raptor.chemicalconnection.dyndns.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Wed, May 20, 2015 at 07:03:26PM -0400, Tom Lane wrote:
> Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> writes:
> > Michael Banck wrote:
> >> The other set of users I could think of are those who, for whatever
> >> reason, tend to always compile PostgreSQL from source for their
> >> company/organization. Maybe they have internal rules that requires a
> >> custom installation prefix for all their servers or whatever. Due to
> >> procedural requirements, or just the unwillingness to carry deltas, they
> >> absolutely want to use the pristine tarballs as well but would be very
> >> happy to get rid of some of the authentication methods.
>
> > Right. That's the set of users that Josh B says is only comprised of
> > Volker (the OP).
>
> That might be a bit harsh, but here's the thing: assuming you're willing
> to build from source, what is the reason for wanting $small_market_feature
> to be built into Postgres rather than being something you carry a patch
> for? ISTM the core reason is that you're expecting the community to carry
> the load of testing and maintaining the feature. And the fact of the
> matter is that we're not terribly good at testing non-mainstream build
> options. (There is depressingly little variety in the configure options
> used in the buildfarm, for example.) So I wouldn't be a bit surprised
> if something like this broke every time somebody touched the auth code,
> and we would not notice. It would only be reliable if it were something
> the community tended to use regularly ... which gets us back to the point
> that what needs to happen first is a credible replacement for "trust"
> mode.
Fair enough.
> I think Andres' point about "trust" being an essential disaster recovery
> mode is something to consider, as well. That puts pretty strict limits
> on what would be a credible replacement.
Then let's rename it from `trust' to `disaster'... ;)
Michael
From | Date | Subject | |
---|---|---|---|
Next Message | Jim Nasby | 2015-05-20 23:36:11 | Re: Change pg_cancel_*() to ignore current backend |
Previous Message | Tom Lane | 2015-05-20 23:03:26 | Re: Disabling trust/ident authentication configure option |