Bill Moran wrote:
> In response to Tom Lane <tgl@xxxxxxxxxxxxx>:
>
> > Bill Moran <wmoran@xxxxxxxxxxxxxxxxxxxxxxx> writes:
> > > In response to Tom Lane <tgl@xxxxxxxxxxxxx>:
> > >> Yeah, but the postmaster can't read pg_authid, nor any other table,
> > >> because it's not logically connected to the database. So any change
> > >> to pg_authid gets copied to a "flat" ASCII-text file for the postmaster.
> >
> > > Would using kerberos or some other external auth mechanism work around this?
> >
> > Kerberos can't read the database directly either, so I'm not sure I see
> > your point.
>
> It's possible that I'm misunderstanding.
>
> If there's a problem with having large numbers of users in Postgres because
> the postmaster has to use a flat file to store them, can one circumvent the
> issue by configuring Postgres to use kerberos for auth instead of its
> internal mechanisms? Will this eliminate the need for the flat file?

No, because Postgres needs to check that the user is present in the
internal catalogs anyway.

--
Alvaro Herrera                        http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.