Bill Moran wrote: > In response to Tom Lane <[EMAIL PROTECTED]>: > > > Bill Moran <[EMAIL PROTECTED]> writes: > > > In response to Tom Lane <[EMAIL PROTECTED]>: > > >> Yeah, but the postmaster can't read pg_authid, nor any other table, > > >> because it's not logically connected to the database. So any change > > >> to pg_authid gets copied to a "flat" ASCII-text file for the postmaster. > > > > > Would using kerberos or some other external auth mechanism work around > > > this? > > > > Kerberos can't read the database directly either, so I'm not sure I see > > your point. > > It's possible that I'm misunderstanding. > > If there's a problem with having large numbers of users in Postgres because > the postmaster has to use a flat file to store them, can one circumvent the > issue by configuring Postgres to use kerberos for auth instead of its > internal mechanisms? Will this eliminate the need for the flat file?
No, because Postgres needs to check that the user is present in the internal catalogs anyway. -- Alvaro Herrera http://www.CommandPrompt.com/ The PostgreSQL Company - Command Prompt, Inc. ---------------------------(end of broadcast)--------------------------- TIP 9: In versions below 8.0, the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
