On Sat, Aug 27, 2005 at 01:31:25AM -0700, Jason Stone wrote: > I would like to know first, if I'm mistaken, or if external passwd files > are now specified in some other way, or must be enabled at compile time or > something like that; ie, am I doing something wrong? The 7.3 Release Notes have the following items: * Remove secondary password file capability and pg_password utility (Bruce) * Add variable db_user_namespace for database-local user names (Bruce) > If this feature is indeed no longer supported, is there some other way > that I can allow the same username to have different passwords on > different databases? See the documentation for db_user_namespace: http://www.postgresql.org/docs/8.0/static/runtime-config.html#RUNTIME-CONFIG-CONNECTION-SECURITY > The background is that this is a hosting environment, and each customer is > given one database to use however they want; different human users should > be able to create database users with the same username without > accidentally granting each other rights on their own databases. We > currently do this by maintaining a password file per user/database, and > letting users put whatever usernames and passwords they want into the > password file for their database. If you use db_user_namespace then you might have to provide an interface for users to manage the user names in their databases. One possibility would be to write a set of SECURITY DEFINER functions that execute the correct CREATE USER, DROP USER, etc. commands. -- Michael Fuhr
