Re: rolcanlogin vs. the flat password file
Magnus Hagander <magnus@hagander.net>
From: Magnus Hagander <magnus@hagander.net>
To: Tom Lane <tgl@sss.pgh.pa.us>, pgsql-hackers@postgresql.org
Date: 2007-10-17T14:46:34Z
Lists: pgsql-hackers
Attachments
- warn_user_no_pwd.patch (text/plain) patch
On Sun, Oct 14, 2007 at 06:16:04PM -0400, Stephen Frost wrote: > * Tom Lane (tgl@sss.pgh.pa.us) wrote: > > > Stephen Frost <sfrost@snowman.net> writes: > > >> I wonder if the OP was unhappy because he created a role w/ a pw and > > >> then couldn't figure out why the user couldn't log in? > > > > > Hm, maybe. In that case just not filtering the entry out of the flat > > > file would be good enough. > > > > I've confirmed the confusing behavior in CVS HEAD. With password auth > > selected in pg_hba.conf: > [...] > > Should we just do this, or is it worth working harder? > > I certainly like this. Honestly, I'd also like the warning when doing a > 'create role'/'alter role' that sets/changes the pw on an account that > doesn't have 'rolcanlogin'. Much better to have me notice that I goof'd > the command and fix it before telling the user 'go ahead and log in' > than to have the user complain that it's not working. :) > > Just my 2c. I think that's a good idea. Attached is a patch that implements this (I think - haven't messed around in that area of the code before). Thoughts? //Magnus