Re: Password sub-process ...
Rod Taylor <rbt@zort.ca>
From: Rod Taylor <rbt@zort.ca>
To: "Marc G. Fournier" <scrappy@hub.org>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Bruno Wolff III <bruno@wolff.to>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2002-07-26T17:49:30Z
Lists: pgsql-hackers
On Fri, 2002-07-26 at 12:55, Marc G. Fournier wrote: > On Fri, 26 Jul 2002, Tom Lane wrote: > > > Rod Taylor <rbt@zort.ca> writes: > > > This still doesn't allow john on db1 to be a different user than john on > > > db2. To accomplish that (easily) we still need to install different > > > instances for each database. > > > > Some people think that cross-database user names are a feature, not > > a bug. I cannot see any way to change that without creating huge > > backward-compatibility headaches --- and it's not at all clear to > > me that it's a step forward, anyway. > > > > I think that it might be worth adding a CONNECT privilege at the > > database level; that together with Bruce's recent revisions to > > pg_hba.conf ought to be a pretty good improvement. > Also, I thnk I might have missed the point of the whole CONNECT privilege > thing ... if I have two ppl named joe on the system, each with different > passwords, how does the CONNECT know which one is the one that has access > to that database? Well.. right now we call one db1_joe and db2_joe. I meant adding the ability to lock some users to specific DBs -- and only exist there. Authentication would use destination DB as well as username. Where DB is null, the user is a global user. Usernames would still be unique per database.