Re: password authentication with external passwd file

On Sat, Aug 27, 2005 at 01:31:25AM -0700, Jason Stone wrote:
> I would like to know first, if I'm mistaken, or if external passwd files
> are now specified in some other way, or must be enabled at compile time or
> something like that; ie, am I doing something wrong?

The 7.3 Release Notes have the following items:

* Remove secondary password file capability and pg_password utility (Bruce)

* Add variable db_user_namespace for database-local user names (Bruce)

> If this feature is indeed no longer supported, is there some other way
> that I can allow the same username to have different passwords on
> different databases?

See the documentation for db_user_namespace:

http://www.postgresql.org/docs/8.0/static/runtime-config.html#RUNTIME-CONFIG-CONNECTION-SECURITY

> The background is that this is a hosting environment, and each customer is
> given one database to use however they want; different human users should
> be able to create database users with the same username without
> accidentally granting each other rights on their own databases.  We
> currently do this by maintaining a password file per user/database, and
> letting users put whatever usernames and passwords they want into the
> password file for their database.

If you use db_user_namespace then you might have to provide an
interface for users to manage the user names in their databases.
One possibility would be to write a set of SECURITY DEFINER functions
that execute the correct CREATE USER, DROP USER, etc. commands.

--
Michael Fuhr