Le 31/03/2010 07:11, Craig Ringer a écrit :
> Joshua Berry wrote:
>> Hello All,
>>
>> I have a few PHP/Clarion based applications that don't currently track
>> who created and modified records. I'd like to be able to track all user
>> and timestamp pairs for INSERT/UPDATEs by way of triggers.
>>
>> The problem is that I currently use the same role name for each instance
>> of the application, so "current_user" is not particularly helpful. So I
>> have a few ideas that I wanted to bounce off the experts here:
>> 1. Should I use seperate PG roles for each user? Is there a way of
>> permitting user names queried against a RADIUS server to inherit a role
>> allowing the needed permissions (trusting that the RADIUS server is
>> secured) and allowing the requested name to be used without having to
>> maintain two lists of accounts?
>
> I'm not sure about RADIUS, but Pg can auth users against Kerberos and
> against LDAP, or against anything that'll talk to PAM. You should be
> able to use RADIUS via PAM if nothing else.
>
RADIUS authentication will be available in 9.0. See
https://commitfest.postgresql.org/action/patch_view?id=260 .
--
Guillaume.
http://www.postgresqlfr.org
http://dalibo.com