Magnus Hagander wrote: > On Sun, Oct 14, 2007 at 06:16:04PM -0400, Stephen Frost wrote: >> * Tom Lane ([EMAIL PROTECTED]) wrote: >>>> Stephen Frost <[EMAIL PROTECTED]> writes: >>>>> I wonder if the OP was unhappy because he created a role w/ a pw and >>>>> then couldn't figure out why the user couldn't log in? >>>> Hm, maybe. In that case just not filtering the entry out of the flat >>>> file would be good enough. >>> I've confirmed the confusing behavior in CVS HEAD. With password auth >>> selected in pg_hba.conf: >> [...] >>> Should we just do this, or is it worth working harder? >> I certainly like this. Honestly, I'd also like the warning when doing a >> 'create role'/'alter role' that sets/changes the pw on an account that >> doesn't have 'rolcanlogin'. Much better to have me notice that I goof'd >> the command and fix it before telling the user 'go ahead and log in' >> than to have the user complain that it's not working. :) >> >> Just my 2c. > > I think that's a good idea. Attached is a patch that implements this (I > think - haven't messed around in that area of the code before). Thoughts?
Is WARNING an appropriate level for this? I think NOTICE is enough, it's not like something bad is going to happen if you do that, it just means that you've likely screwed up. There's legitimate use for creating a role with NOLOGIN and a password. Maybe you're going to give login privilege later on. It wouldn't be nice to get WARNINGs in that case, even NOTICEs would be sligthly annoying. Note that per-role guc variables will also have no effect on a role with no login privilege. How about connection limit, is that inherited? -- Heikki Linnakangas EnterpriseDB http://www.enterprisedb.com ---------------------------(end of broadcast)--------------------------- TIP 6: explain analyze is your friend
