| From: | Guillaume Lelarge <guillaume(at)lelarge(dot)info> |
|---|---|
| To: | Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> |
| Cc: | Joshua Berry <yoberi(at)gmail(dot)com>, PostgreSQL - General <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: User action accounting |
| Date: | 2010-03-31 08:30:00 |
| Message-ID: | 4BB30808.9060600@lelarge.info |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Le 31/03/2010 07:11, Craig Ringer a écrit :
> Joshua Berry wrote:
>> Hello All,
>>
>> I have a few PHP/Clarion based applications that don't currently track
>> who created and modified records. I'd like to be able to track all user
>> and timestamp pairs for INSERT/UPDATEs by way of triggers.
>>
>> The problem is that I currently use the same role name for each instance
>> of the application, so "current_user" is not particularly helpful. So I
>> have a few ideas that I wanted to bounce off the experts here:
>> 1. Should I use seperate PG roles for each user? Is there a way of
>> permitting user names queried against a RADIUS server to inherit a role
>> allowing the needed permissions (trusting that the RADIUS server is
>> secured) and allowing the requested name to be used without having to
>> maintain two lists of accounts?
>
> I'm not sure about RADIUS, but Pg can auth users against Kerberos and
> against LDAP, or against anything that'll talk to PAM. You should be
> able to use RADIUS via PAM if nothing else.
>
RADIUS authentication will be available in 9.0. See
https://commitfest.postgresql.org/action/patch_view?id=260 .
--
Guillaume.
http://www.postgresqlfr.org
http://dalibo.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sean Davis | 2010-03-31 10:40:00 | Re: [NOVICE] Connect to postgresql database using Perl |
| Previous Message | dipti shah | 2010-03-31 07:54:23 | Re: Connect to postgresql database using Perl |