Re: Open 7.3 items

OK, here is the patch to implement db_user_namespace. It includes
documentation.

I had to add to initdb to create a file /data/PG_INSTALLER and have the
postmaster read that on startup to determine the installing user.

---------------------------------------------------------------------------

Bruce Momjian wrote:
>
> I would like to address this email.
>
> Lamar is mentioning that it is unfair to remove a feature without
> warning.
>
> Let me give a little history. The secondary password file was created
> at a time when we didn't encrypt with random salt over the wire, and we
> had people who wanted to share their /etc/passwd file with PostgreSQL.
>
> Later, people wanted to use the secondary password file for just
> usernames, so you could list usernames in the file and limit db access
> by user. This is the current usage for 99% of secondary password users.
> This capability is better served in 7.3 with the new USER column in
> pg_shadow and the ability to specify filenames or groups in that file.
> Keeping the secondary password file to specify a user list while a new
> USER column exists in 7.3 is just confusing to administrators. Our
> pg_hba.conf system is pretty complex, so anything we can do to simplify
> helps.
>
> Now, on to Marc's case, where he does use the file for usernames _and_
> passwords. However, he is using it only so he can have more than one
> person with the same username and restrict access based on the password
> in the secondary password file. While this does work, my submitted
> patch makes this much easier and cleaner.
>
> Marc had mentioned that this should be an initdb flag. However, our
> standard procedure is to put stuff in initdb only when it can't be
> changed after initdb. While strange, this feature can be
> enabled-disabled after initdb. A quick update of pg_shadow can change
> usernames and you can go in and out of this mode.
>
> Someone talked about pushing this capability into a separate pg_shadow
> column, and making CREATE/ALTER user and createuser aware of this.
> While this can be done, and it sort of becomes user schemas, there isn't
> enough people wanting this to add complexity to those commands. A GUC
> flag will meet most peoples needs at this point.
>
> Some mentioned using user(at)dbname, though the idea of sorting made
> several recant their votes.
>
> So, based on the voting, I think dbname.username is an agreed-upon
> feature addition for 7.3. I will work on a final patch with
> documentation and post it to the patches list for more comment.
>

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073