jd@commandprompt.com ("Joshua D. Drake") writes:
> Tino Wildenhain wrote:
>
>> This way you can use pg_hba.conf, dedicated system tables or
>> maybe LDAP one day. (or just another postgres database)
>> Does it sound too easy? I hope so :-)
>
> Actually, that sounds bad. PostgreSQL should be the source of its own auth.
If there's a clear *OTHER* authority in the matter (e.g. - an LDAP
instance that manages numerous other things), then that's manifestly
not the case.
Making a selection of mechanisms configurable seems entirely
reasonable to me.
In a web hosting environment, it would seem quite reasonable for
authentication to be controlled in some central way that's *not*
necessarily PG-based.
--
output = ("cbbrowne" "@" "cbbrowne.com")
http://cbbrowne.com/info/internet.html
"Don't use C; In my opinion, C is a library programming language not
an app programming language." -- Owen Taylor (GTK+ and ORBit
developer)