Re: rolcanlogin vs. the flat password file
Stephen Frost <sfrost@snowman.net>
From: Stephen Frost <sfrost@snowman.net>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: pgsql-hackers@postgresql.org
Date: 2007-10-14T22:16:04Z
Lists: pgsql-hackers
* Tom Lane (tgl@sss.pgh.pa.us) wrote: > > Stephen Frost <sfrost@snowman.net> writes: > >> I wonder if the OP was unhappy because he created a role w/ a pw and > >> then couldn't figure out why the user couldn't log in? > > > Hm, maybe. In that case just not filtering the entry out of the flat > > file would be good enough. > > I've confirmed the confusing behavior in CVS HEAD. With password auth > selected in pg_hba.conf: [...] > Should we just do this, or is it worth working harder? I certainly like this. Honestly, I'd also like the warning when doing a 'create role'/'alter role' that sets/changes the pw on an account that doesn't have 'rolcanlogin'. Much better to have me notice that I goof'd the command and fix it before telling the user 'go ahead and log in' than to have the user complain that it's not working. :) Just my 2c. Thanks, Stephen