| From: | Michael Gould <mgould(at)intermodalsoftwaresolutions(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> |
| Cc: | PG-General Mailing List <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Roles with passwords; SET ROLE ... WITH PASSWORD ? |
| Date: | 2009-12-02 15:39:59 |
| Message-ID: | dd02968bc2c64d47b60f9d73cbf04fd9@intermodalsoftwaresolutions.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
One other topic that is related to this is that we now have a expire date
but it would be nice to have a number of days also. This would make it easy
to force the user to change their passwords every X days if internal
security is being used instead of something like Kerberos or LDAP.
Best Regards
Michael Gould
>Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> writes:
>> Anyway ... I'm curious about whether `SET ROLE rolename WITH PASSWORD'
>> is something that's technically practical to implement in PostgreSQL and
>> what people think about the idea.
>
> Seems like it would have all the standard problems with cleartext
> passwords being exposed in pg_stat_activity, system logs, etc.
> Also, what about people who are using more-secure-than-password
> auth methods, like Kerberos?
>
> I'm not really for it.
>
> regards, tom lane
>
> --
> Sent via pgsql-general mailing list (pgsql-general(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general
>
--
Michael Gould, Managing Partner
Intermodal Software Solutions, LLC
904.226.0978
904.592.5250 fax
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2009-12-02 15:42:12 | Re: deferrable foreign keys |
| Previous Message | Tatsuo Ishii | 2009-12-02 15:35:38 | Re: Large Objects and Replication question |