| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Dmitry Morozovsky <marck(at)rinet(dot)ru> |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Authentication problem |
| Date: | 2002-03-06 16:27:12 |
| Message-ID: | 23119.1015432032@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Dmitry Morozovsky <marck(at)rinet(dot)ru> writes:
> There is no "fall-through" or "backup": if one record is chosen
> and the authentication fails, the following records are not
> considered.
> Are there any plans to loose this restriction?
No. I don't believe we could count on clients to respond to multiple
authentication challenges of different types.
> It would be very useful to use e.g.
> local all ident admin
> local sameuser ident sameuser
> local all password passwd.user
The "sameuser" part of this works now, since sameuser is a record
matching constraint, not an authentication test.
There has been some talk of adding a more flexible username-matching
field to pg_hba (whereupon the file name would be inappropriate ;-))
but no one's really done any work on it.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jodi Kanter | 2002-03-06 16:33:55 | --fast switch |
| Previous Message | Markus Wollny | 2002-03-06 16:19:28 | postmaster shutdown |