Re: rolcanlogin vs. the flat password file

Magnus Hagander wrote:
> On Sun, Oct 14, 2007 at 06:16:04PM -0400, Stephen Frost wrote:
>> * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
>>>> Stephen Frost <sfrost(at)snowman(dot)net> writes:
>>>>> I wonder if the OP was unhappy because he created a role w/ a pw and
>>>>> then couldn't figure out why the user couldn't log in?
>>>> Hm, maybe. In that case just not filtering the entry out of the flat
>>>> file would be good enough.
>>> I've confirmed the confusing behavior in CVS HEAD. With password auth
>>> selected in pg_hba.conf:
>> [...]
>>> Should we just do this, or is it worth working harder?
>> I certainly like this. Honestly, I'd also like the warning when doing a
>> 'create role'/'alter role' that sets/changes the pw on an account that
>> doesn't have 'rolcanlogin'. Much better to have me notice that I goof'd
>> the command and fix it before telling the user 'go ahead and log in'
>> than to have the user complain that it's not working. :)
>>
>> Just my 2c.
>
> I think that's a good idea. Attached is a patch that implements this (I
> think - haven't messed around in that area of the code before). Thoughts?

Is WARNING an appropriate level for this? I think NOTICE is enough, it's
not like something bad is going to happen if you do that, it just means
that you've likely screwed up.

There's legitimate use for creating a role with NOLOGIN and a password.
Maybe you're going to give login privilege later on. It wouldn't be nice
to get WARNINGs in that case, even NOTICEs would be sligthly annoying.

Note that per-role guc variables will also have no effect on a role with
no login privilege. How about connection limit, is that inherited?

--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com