| From: | The Hermit Hacker <scrappy(at)hub(dot)org> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: CREATE DATABASE WITH OWNER '??'; |
| Date: | 2000-05-09 21:17:02 |
| Message-ID: | Pine.BSF.4.21.0005091814020.777-100000@thelab.hub.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, 9 May 2000, Peter Eisentraut wrote:
> Tom Lane writes:
>
> > Rather than the separate pw files, maybe pg_shadow needs some kind of
> > provision for database-specific passwords ...
>
> Perhaps the issue is not so much having different passwords for each
> database. I don't think this is necessarily a priority. (I think it would
> be rather confusing that there would be one user and many passwords.)
>
> The issue is that you can't say "Do password authentication, but only for
> these users". It forces you to make separate password files. Perhaps we
> could extend the syntax similar to this
>
> | host all 127.0.0.1 255.255.255.255 passwd &user1,user2,user3
>
> to mean "do password authentication using the pg_shadow passwords, but
> only for the named users". (`&' would be some special character to
> distinguish a list of users from a password file name.)
why can't we extend the whole 'grant table' syntax to a 'grant database'
one also? as I see it, the owner of a database should be able to
grant/refuse connections to his database without having to go through the
DBA, which the above requires ...
Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy(at)hub(dot)org secondary: scrappy(at){freebsd|postgresql}.org
| From | Date | Subject | |
|---|---|---|---|
| Next Message | The Hermit Hacker | 2000-05-09 21:19:18 | Re: CREATE DATABASE WITH OWNER '??'; |
| Previous Message | The Hermit Hacker | 2000-05-09 21:13:29 | Re: misc questions |