Re: Re: database access

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Tim Frank <tfrank(at)registrar(dot)uoguelph(dot)ca>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Re: database access
Date: 2001-03-14 04:59:35
Message-ID: 23750.984545975@sss.pgh.pa.us
Lists: pgsql-general

Tim Frank <tfrank(at)registrar(dot)uoguelph(dot)ca> writes:
> My question would be if I used "sameuser" as the database then would my
> database superusers be allowed to also connect to databases different
> from their usernames?

You're looking at this the wrong way. Whether you are superuser or not
is immaterial as far as connection privileges go --- that fact is
determined *after* you have connected.

The sort of thing you can set up with the current privilege model is
like this:

host sameuser hostip hostmask ident
host all hostip hostmask passwd

This essentially says that for connections originating from the
hostip/hostmask part of cyberspace, "ident" authentication will
be used if you are trying to connect to the database named after
your username, otherwise "passwd" authentication will be used.

Obviously you can use two other forms of authentication if you
choose, but that's the basic model. The first line in pg_hba.conf
that matches your target database and connection origination address
determines the authentication method that is used. Generally you'd
make the earlier lines describe a tighter match and a looser auth
method than the later lines, but the machine doesn't care...

regards, tom lane
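
The first-match rule described in the message above, as an added example that is not part of the original message or of PostgreSQL's code. It parses records in the five-column form shown above, resolves which method a connection gets, and flags records that an earlier, broader record makes unreachable. The function names and the 192.168.1.0/255.255.255.0 sample addresses are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample in the message's form: host DATABASE IP MASK METHOD
SAMPLE_HBA = """\
# tighter match with looser auth first
host sameuser 192.168.1.0 255.255.255.0 ident
host all      192.168.1.0 255.255.255.0 passwd
"""

def parse_hba(text):
    """Return (lineno, database, network, method) tuples in file order."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] != "host" or len(fields) < 5:
            raise ValueError(f"line {lineno}: unsupported record {raw!r}")
        _, db, ip, mask, method = fields[:5]
        net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        rules.append((lineno, db, net, method))
    return rules

def db_matches(spec, user, database):
    if spec == "all":
        return True
    if spec == "sameuser":
        return database == user
    return spec == database

def resolve_auth(rules, user, database, client_ip):
    """First record matching database and origin decides; None = no record.
    Superuser status is not an input: it is only known after connecting."""
    addr = ipaddress.ip_address(client_ip)
    for lineno, db, net, method in rules:
        if db_matches(db, user, database) and addr in net:
            return lineno, method
    return None

def shadowed(rules):
    """Line numbers of records an earlier, broader record makes unreachable."""
    dead = []
    for i, (lineno, db, net, _) in enumerate(rules):
        if any(edb in ("all", db) and net.subnet_of(enet)
               for _, edb, enet, _ in rules[:i]):
            dead.append(lineno)
    return dead
```

Running shadowed() over a file with the two records swapped reports the sameuser line as dead, which is the ordering mistake the server itself will not warn about.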
