Re: Allow cluster owner to bypass authentication

On 2020-03-27 15:58, David Steele wrote:
> Hi Peter,
> 
> On 12/27/19 3:22 PM, Stephen Frost wrote:
>> * Tom Lane (tgl@sss.pgh.pa.us) wrote:
>>
>>> I think it'd be great if this behavior could be implemented
>>> within the notation, because we could then just set up a
>>> non-empty default pg_ident.conf with useful behavioral
>>> examples in the form of prefab maps.  In particular, we
>>> should think about how hard it is to do "I want the default
>>> behavior plus allow joe to connect as charlie".  If the
>>> default is a one-liner that you can copy and add to,
>>> that's a lot better than if you have to reverse-engineer
>>> what to write.
>>
>> This direction certainly sounds more appealing to me.
> 
> Any thoughts on the discussion between Stephen and Tom?

It appears that the whole discussion of what a new default security 
configuration could or should be hasn't really moved to a new consensus, 
so given the time, I think it's best that we leave things as they are 
and continue the exploration at some future time.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services