Re: Password-file caching is broken

> The password-file cache implemented by src/backend/libpq/crypt.c is
> now dysfunctional, because it is only loaded when a password check is
> requested, which is after the postmaster's child process has forked
> away from the postmaster.  The cache is always empty in the postmaster,
> and every new backend will read up and cache the whole file before
> probing the cache ... once.

Yikes.

> One fairly reasonable solution would be to have the postmaster load
> the cache when receiving SIGHUP (when it also reloads its other config
> files).  Then we could remove the password-file-reload-flag-file
> mechanism in favor of just kill(getppid(), SIGHUP), a mechanism we
> already use in other places.

I like kill() much better.  I never liked that file-flag thing.

> If we don't do that, I am strongly inclined to remove the password cache
> mechanism and just allow the code to reread pg_pwd when checking a
> password.
> 
> If we do keep the cache, I think I will also tweak crypt.c to store
> the cache in PostmasterContext palloc space, rather than malloc space,
> so that it will be freed when entering a new backend.

Good idea.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026