Re: rolcanlogin vs. the flat password file

Dave Page <dpage@postgresql.org>

From: Dave Page <dpage@postgresql.org>
To: Magnus Hagander <magnus@hagander.net>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Heikki Linnakangas <heikki@enterprisedb.com>, pgsql-hackers@postgresql.org
Date: 2007-10-17T16:47:26Z
Lists: pgsql-hackers
Magnus Hagander wrote:
> On Wed, Oct 17, 2007 at 05:09:25PM +0100, Dave Page wrote:
>> Stephen Frost wrote:
>>> * Tom Lane (tgl@sss.pgh.pa.us) wrote:
>>>> Heikki Linnakangas <heikki@enterprisedb.com> writes:
>>>>> There's legitimate use for creating a role with NOLOGIN and a password.
>>>> If we think that, then we shouldn't have a message at all.
>>> I'm not sure I agree with that.  I don't agree that there's really a
>>> legitimate use for creating a role w/ NOLOGIN and a password either, for
>>> that matter. 
>> Preparing a new user account prior to an employee starting? In my last
>> post we would do that regularly - setup all the accounts etc for the new
>> user, but disable them all until the start date.
> 
> Yeah, but did you actually set a password for them?

Yeah, then have them change them all during day 1 IT induction training.

We had a much smaller team that I know you do, and the staff that would
do the account setup would often be busy first thing on Monday morning
when new starters might often arrive - so we would just 'flip the
switch' on the pre-configured accounts.

/D