I think I have figured out a way to do this efficiently. Instead of making pg_group with groupname/username on each line, I will do groupname/username,username, ... so I can spin through the group token file much quicker; that way, I can read just retokenize pg_group and spin through it for each connection. I think that is the way to go.
--------------------------------------------------------------------------- Bruce Momjian wrote: > I am adding users and groups to pg_hba.conf. The coding is done but I > am stuck on a reload issue. > > As you may know, 7.2 tokenizes pg_hba.conf once, and reads those tokens > to test every connection request. I have added code to dump the > group/user mappings into global/pg_group and the postmaster can read > that file and substitute group names for users lists during > tokenization. > > I have also added code to dump a new pg_group every time a group/user is > modified. (Users have to be done because of user renaming.) > > The problem is when to retokenize pg_hba.conf after a new pg_group is > made. Seems I can either force administrators to 'pg_ctl reload' to > update for group changes, or automatically retokenize pg_hba.conf every > time I update pg_group. (We don't have any way of handling user renames > in pg_hba.conf because we enter those as strings, but pg_group will > handle them.) > > Does anyone see another option? I can write code so only pg_global is > retokenized, but right now the user tokens are pulled out for the > matching group and inlined into the token stream. If I have a separate > token tree for pg_group, each connection will have to spin through the > tokens looking for matching group names. I suppose it isn't a big deal, > but I want to make sure we want to prevent auto-reloading of pg_hba.conf > on user/group changes, and just reload pg_group. > > -- > Bruce Momjian | http://candle.pha.pa.us > [EMAIL PROTECTED] | (610) 853-3000 > + If your life is a hard drive, | 830 Blythe Avenue > + Christ can be your backup. | Drexel Hill, Pennsylvania 19026 > > ---------------------------(end of broadcast)--------------------------- > TIP 4: Don't 'kill -9' the postmaster > -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026 ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
