| From: | "David E(dot) Wheeler" <david(at)kineticode(dot)com> |
|---|---|
| To: | Selena Deckelmann <selena(at)chrisking(dot)com> |
| Cc: | pdxpug(at)postgresql(dot)org |
| Subject: | Re: authentication services |
| Date: | 2006-10-20 03:47:43 |
| Message-ID: | DE23DD94-CD81-4558-B192-E1A9BC4CDDB9@kineticode.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pdxpug |
On Oct 19, 2006, at 17:03, Selena Deckelmann wrote:
> It would be interesting if the system relied more on roles, and
> used authentication as a way of determining what role a user
> belonged to. Then, when a person tries to login to pgsql for the
> first time, it looks up what their group membership is and assigns
> permissions appropriately. And if you really wanted to, it could
> add the user to the database. Ideally, you'd just rely on the
> role, so that anyone with the proper role/group membership could
> login to the database. It's really powerful when you're in an
> environment that has defined responsibilities and rapid turnover.
So you're saying map PostgreSQL roles to LDAP groups?
> Few applications do this. Most people just make generic accounts
> that lots of people have the password to. And that leads to all
> sorts of problems.
Amen to that.
Best,
David
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Selena Deckelmann | 2006-10-20 16:11:59 | Re: authentication services |
| Previous Message | Selena Deckelmann | 2006-10-20 00:03:51 | Re: authentication services |