Re: Password sub-process ...

On Fri, 26 Jul 2002, Tom Lane wrote:

> Rod Taylor <rbt@zort.ca> writes:
> > This still doesn't allow john on db1 to be a different user than john on
> > db2.  To accomplish that (easily) we still need to install different
> > instances for each database.
>
> Some people think that cross-database user names are a feature, not
> a bug.  I cannot see any way to change that without creating huge
> backward-compatibility headaches --- and it's not at all clear to
> me that it's a step forward, anyway.
>
> I think that it might be worth adding a CONNECT privilege at the
> database level; that together with Bruce's recent revisions to
> pg_hba.conf ought to be a pretty good improvement.

Note that I'm not looking to get rid of any functionality, only suggesting
that we should look at improving the ability to do remote administration
(ie. eliminate the requirement to manually change files) ...

As an example ... at the University I work at, we've started to use PgSQL
for more and more of our internal stuff, and/or let the students start to
use it for their projects ... so we have PgSQL running on one server,
while its being access by other ones around campus.  I'd like to be able
to be able to streamline things so that operations could easily create a
new database for a student (or faculty) on the server as a simple SQL
"CREATE DATABASE/USER" command, vs risking them making a mistake when they
manually edit the pg_hba.conf file ...

Also, I thnk I might have missed the point of the whole CONNECT privilege
thing ... if I have two ppl named joe on the system, each with different
passwords, how does the CONNECT know which one is the one that has access
to that database?