From: | Dimitri Maziuk <dmaziuk(at)bmrb(dot)wisc(dot)edu> |
---|---|
To: | pgsql-general(at)lists(dot)postgresql(dot)org |
Cc: | Ravi Krishna <sravikrishna(at)aol(dot)com> |
Subject: | Re: Can Pg somehow recognize/honor linux groups to control user access ? |
Date: | 2018-08-22 18:11:33 |
Message-ID: | 913676f0-b9b0-670f-381f-b2d231c70c77@bmrb.wisc.edu |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 08/22/2018 12:54 PM, Ravi Krishna wrote:
>>
>> How is that different from giving your grants to a database role and
>> just telling the new user the name and password of that role to connect as?
>
> Well here I have to do some work, with the groups approach, it is outsourced to devops. Secondly when you take into account AD, the user does not have to remember his password for db login. It is same as AD.
So it seems to me that the feature may be worth adding is to fetch the
password, *as well as "ldapsearchattribute"* from LDAP:
https://www.postgresql.org/docs/10/static/auth-methods.html#AUTH-LDAP
You should be able to get the role name from AD already, but the
password they still have to remember.
Although I still don't see this really working for anything more
complicated than one database and no user in more than one group.
--
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu
From | Date | Subject | |
---|---|---|---|
Next Message | Tim Cross | 2018-08-22 22:17:06 | Re: Can Pg somehow recognize/honor linux groups to control user access ? |
Previous Message | Dimitri Maziuk | 2018-08-22 17:23:49 | Re: Can Pg somehow recognize/honor linux groups to control user access ? |