Re: Password sub-process ...

Marc G. Fournier wrote:
> so, I can easily do something like:
> 
> host database bruce IP1
> host database bruce IP2
> 
> and know that client on IP1 can't look at client on IP2s database, even
> with the same user ... but in a VH environment, you have:
> 
> host database bruce IP1
> host database bruce IP1
> 
> in the old system, I could make both password based, so that altho both
> bruce's were looking to come from the same IP, only the one with the right
> password could connect, so Client on IP1's bruce wouldn't be able to look
> in Client on IP2's database, since he wouldn't have the required password
> to connect ...
> 
> > I assume it would be MD5?
> 
> I've been using DES, but MD5 would work too ...

OK, I have one idea.  Right now the file format for usernames can be:
user, user, "user"
oruser user "user"
oruseruser"user"

so we don't really have columns in the file.  What we could do is to
allow the username to be specified as "user:pass" and the "pass" could
be in plaintext or md5.  You could actually specify the "pass" in
pg_hba.conf or in a secondary file.  The code currently makes no
distinction between them.

This does make the code a little more complex, but it is documenting
this that be cause the most confusion.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026