1CREATE SCHEMA global ;
2CREATE SCHEMA dns ;
3CREATE SCHEMA topo ;
4CREATE SCHEMA pgauth ;
5
6---------------------------------------------------------------------------
7-- global schema
8---------------------------------------------------------------------------
9
10-- Netmagis users and groups
11-- We can't use names "user" and "group" since they are reserved SQL words
12-- and using them would mean quoting every request.
13
14CREATE SEQUENCE global.seq_nmgroup START 1 ;
15CREATE TABLE global.nmgroup (
16    idgrp	INT			-- group id
17		    DEFAULT NEXTVAL ('global.seq_nmgroup'),
18    name	TEXT,			-- group name
19    p_admin	INT DEFAULT 0,		-- 1 if root, 0 if normal user
20    p_smtp	INT DEFAULT 0,		-- 1 if right to manage SMTP senders
21    p_ttl	INT DEFAULT 0,		-- 1 if right to edit TTL for a host
22    p_mac	INT DEFAULT 0,		-- 1 if right to access MAC module
23    p_genl	INT DEFAULT 0,		-- 1 if right to generate a link number
24
25    UNIQUE (name),
26    PRIMARY KEY (idgrp)
27) ;
28
29CREATE SEQUENCE global.seq_nmuser START 1 ;
30CREATE TABLE global.nmuser (
31    idcor	INT			-- user id
32		    DEFAULT NEXTVAL ('global.seq_nmuser'),
33    login	TEXT,			-- user name
34    present	INT,			-- 1 if present, 0 if no longer here
35    idgrp	INT,			-- group
36
37    UNIQUE (login),
38    FOREIGN KEY (idgrp) REFERENCES global.nmgroup (idgrp),
39    PRIMARY KEY (idcor)
40) ;
41
42-- Template for utmp and wtmp tables
43CREATE TABLE global.tmp (
44    idcor	INT,			-- user
45    token	TEXT NOT NULL,		-- auth token in session cookie
46    start	TIMESTAMP (0) WITHOUT TIME ZONE
47                        DEFAULT CURRENT_TIMESTAMP
48			NOT NULL,	-- login time
49    ip		INET			-- IP address at login time
50) ;
51
52-- Currently logged-in users
53CREATE TABLE global.utmp (
54    casticket	TEXT,			-- CAS service ticket
55    lastaccess	TIMESTAMP (0) WITHOUT TIME ZONE
56                        DEFAULT CURRENT_TIMESTAMP
57			NOT NULL,	-- last access to a page
58
59    FOREIGN KEY (idcor) REFERENCES global.nmuser (idcor),
60    PRIMARY KEY (idcor, token)
61) INHERITS (global.tmp) ;
62
63-- All current and previous users. Table limited to 'wtmpexpire' days
64CREATE TABLE global.wtmp (
65    stop	TIMESTAMP (0) WITHOUT TIME ZONE
66			NOT NULL,	-- logout or last access if expiration
67    stopreason	TEXT NOT NULL,		-- 'logout', 'expired'
68
69    FOREIGN KEY (idcor) REFERENCES global.nmuser (idcor),
70    PRIMARY KEY (idcor, token)
71) INHERITS (global.tmp) ;
72
73-- Failed login attempts
74CREATE TABLE global.authfail (
75    origin	TEXT,			-- login name or IP address
76    otype	TEXT,			-- type of origin ('ip' or 'login')
77    nfail	INTEGER,		-- failed attempts count
78    lastfail	TIMESTAMP (0)		-- date of last failed
79		    WITHOUT TIME ZONE
80		    DEFAULT CURRENT_TIMESTAMP,
81    blockexpire	TIMESTAMP (0) WITHOUT TIME ZONE,
82
83    PRIMARY KEY (origin, otype)
84) ;
85
86-- Netmagis configuration parameters (those which are not in the
87-- configuration file)
88CREATE TABLE global.config (
89    key		TEXT,			-- configuration key
90    value	TEXT,			-- key value
91
92    PRIMARY KEY (key)
93) ;
94
95-- log
96CREATE TABLE global.log (
97    date	TIMESTAMP (0) WITHOUT TIME ZONE
98		    DEFAULT CURRENT_TIMESTAMP
99		    NOT NULL,
100    subsys	TEXT NOT NULL,		-- subsystem ("dns", "topo", etc.)
101    event	TEXT NOT NULL,		-- "addhost", "delalias", etc.
102    login	TEXT,			-- user login
103    ip		INET,			-- IP address
104    msg		TEXT			-- log message
105) ;
106
107---------------------------------------------------------------------------
108-- dns schema
109---------------------------------------------------------------------------
110
111-- domains
112
113CREATE SEQUENCE dns.seq_domain START 1 ;
114CREATE TABLE dns.domain (
115    iddom	INT			-- domain id
116		    DEFAULT NEXTVAL ('dns.seq_domain'),
117    name	TEXT,			-- domain name (ex: "example.com")
118
119    UNIQUE (name),
120    PRIMARY KEY (iddom)
121) ;
122
123-- network, communities and organization descriptions
124
125CREATE SEQUENCE dns.seq_organization START 1 ;
126CREATE TABLE dns.organization (
127    idorg	INT			-- organization id
128		    DEFAULT NEXTVAL ('dns.seq_organization'),
129    name	TEXT,			-- "Example Corp."
130
131    PRIMARY KEY (idorg)
132) ;
133
134CREATE SEQUENCE dns.seq_community START 1 ;
135CREATE TABLE dns.community (
136    idcomm	INT			-- community id
137		    DEFAULT NEXTVAL ('dns.seq_community'),
138    name	TEXT,			-- "Administration"
139
140    PRIMARY KEY (idcomm)
141) ;
142
143CREATE SEQUENCE dns.seq_network START 1 ;
144CREATE TABLE dns.network (
145    idnet	INT			-- network id
146		    DEFAULT NEXTVAL ('dns.seq_network'),
147    name	TEXT,			-- name (ex: "Servers")
148    location	TEXT,			-- location if any
149    addr4	CIDR,			-- IPv4 address range
150    addr6	CIDR,			-- IPv6 address range
151    idorg	INT,			-- organization this network belongs to
152    idcomm	INT,			-- administration, R&D, etc.
153    comment	TEXT,			-- comment
154    dhcp	INT DEFAULT 0,		-- activate DHCP (1) or no (0)
155    gw4		INET,			-- default network IPv4 gateway
156    gw6		INET,			-- default network IPv6 gateway
157
158    CONSTRAINT at_least_one_prefix_v4_or_v6
159	CHECK (addr4 IS NOT NULL OR addr6 IS NOT NULL),
160    CONSTRAINT gw4_in_net CHECK (gw4 <<= addr4),
161    CONSTRAINT gw6_in_net CHECK (gw6 <<= addr6),
162    CONSTRAINT dhcp_needs_ipv4_gateway
163	CHECK (dhcp = 0 OR (dhcp != 0 AND gw4 IS NOT NULL)),
164    FOREIGN KEY (idorg) REFERENCES dns.organization (idorg),
165    FOREIGN KEY (idcomm) REFERENCES dns.community (idcomm),
166    PRIMARY KEY (idnet)
167) ;
168
169
170-- DNS views
171-- There is one entry for each observation point, which means
172-- a class of clients allowed to see informations. For example:
173-- "internal" and "external"
174
175CREATE SEQUENCE dns.seq_view START 1 ;
176CREATE TABLE dns.view (
177    idview	INT			-- view id
178		    DEFAULT NEXTVAL ('dns.seq_view'),
179    name	TEXT,			-- e.g.: "internal", "external"...
180    gendhcp	INT,			-- 1 if dhcp conf must be generated
181
182    UNIQUE (name),
183    PRIMARY KEY (idview)
184) ;
185
186-- DNS zone generation
187
188CREATE SEQUENCE dns.seq_zone START 1 ;
189CREATE TABLE dns.zone (
190    idzone	INT			-- zone id
191		    DEFAULT NEXTVAL ('dns.seq_zone'),
192    name	TEXT,			-- zone name and name of generated file
193    idview	INT,			-- view id
194    version	INT,			-- version number
195    prologue	TEXT,			-- zone prologue (with %ZONEVERSION% pattern)
196    rrsup	TEXT,			-- added to each generated host
197    gen		INT			-- modified since last generation
198) ;
199
200CREATE TABLE dns.zone_forward (
201    selection	TEXT,			-- criterion to select names
202
203    UNIQUE (name),
204    FOREIGN KEY (idview) REFERENCES dns.view (idview),
205    PRIMARY KEY (idzone)
206) INHERITS (dns.zone) ;
207
208CREATE TABLE dns.zone_reverse4 (
209    selection	CIDR,			-- criterion to select addresses
210
211    UNIQUE (name),
212    FOREIGN KEY (idview) REFERENCES dns.view (idview),
213    PRIMARY KEY (idzone)
214) INHERITS (dns.zone) ;
215
216CREATE TABLE dns.zone_reverse6 (
217    selection	CIDR,			-- criterion to select addresses
218
219    UNIQUE (name),
220    FOREIGN KEY (idview) REFERENCES dns.view (idview),
221    PRIMARY KEY (idzone)
222) INHERITS (dns.zone) ;
223
224-- host types
225
226CREATE SEQUENCE dns.seq_hinfo MINVALUE 0 START 0 ;
227CREATE TABLE dns.hinfo (
228    idhinfo	INT			-- host type id
229		    DEFAULT NEXTVAL ('dns.seq_hinfo'),
230    name	TEXT,			-- type as text
231    sort	INT,			-- sort class
232    present	INT,			-- present or not
233    PRIMARY KEY (idhinfo)
234) ;
235
236-- ranges allowed to groups
237
238CREATE TABLE dns.p_network (
239    idgrp	INT,			-- the group which manages this network
240    idnet	INT,			-- the network
241    sort	INT,			-- sort class
242    dhcp	INT DEFAULT 0,		-- perm to manage DHCP ranges
243    acl		INT DEFAULT 0,		-- perm to manage ACL (later...)
244
245    FOREIGN KEY (idgrp) REFERENCES global.nmgroup (idgrp),
246    FOREIGN KEY (idnet) REFERENCES dns.network (idnet),
247    PRIMARY KEY (idgrp, idnet)
248) ;
249
250-- domains allowed to groups
251
252CREATE TABLE dns.p_dom (
253    idgrp	INT,			-- group
254    iddom	INT,			-- domain id
255    sort	INT,			-- sort class
256    mailrole	INT DEFAULT 0,		-- perm to manage mail roles
257
258    FOREIGN KEY (idgrp) REFERENCES global.nmgroup (idgrp),
259    PRIMARY KEY (idgrp, iddom)
260) ;
261
262-- IP ranges allowed to groups
263
264CREATE TABLE dns.p_ip (
265    idgrp	INT,			-- group
266    addr	CIDR,			-- network range
267    allow_deny	INT,			-- 1 = allow, 0 = deny
268
269    FOREIGN KEY (idgrp) REFERENCES global.nmgroup (idgrp),
270    PRIMARY KEY (idgrp, addr)
271) ;
272
273-- views allowed to groups
274
275CREATE TABLE dns.p_view (
276    idgrp	INT,			-- group
277    idview	INT,			-- the view
278    sort	INT,			-- sort class
279    selected	INT,			-- selected by default in menus
280
281    FOREIGN KEY (idgrp) REFERENCES global.nmgroup (idgrp),
282    FOREIGN KEY (idview) REFERENCES dns.view (idview),
283    PRIMARY KEY (idgrp, idview)
284) ;
285
286
287-- DHCP profiles
288
289CREATE SEQUENCE dns.seq_dhcpprofile START 1 ;
290CREATE TABLE dns.dhcpprofile (
291    iddhcpprof	INT			-- DHCP profile id
292		    DEFAULT NEXTVAL ('dns.seq_dhcpprofile'),
293    name 	TEXT UNIQUE,		-- DHCP profile name
294    text	TEXT,			-- text to add before host declarations
295
296    CHECK (iddhcpprof >= 1),
297    PRIMARY KEY (iddhcpprof)
298) ;
299
300-- DHCP profiles allowed to groups
301
302CREATE TABLE dns.p_dhcpprofile (
303    idgrp	INT,			-- group
304    iddhcpprof	INT,			-- DHCP profile
305    sort	INT,			-- sort class
306
307    FOREIGN KEY (idgrp)      REFERENCES global.nmgroup  (idgrp),
308    FOREIGN KEY (iddhcpprof) REFERENCES dns.dhcpprofile (iddhcpprof),
309    PRIMARY KEY (idgrp, iddhcpprof)
310) ;
311
312-- DHCP dynamic ranges
313
314CREATE SEQUENCE dns.seq_dhcprange START 1 ;
315CREATE TABLE dns.dhcprange (
316    iddhcprange	INT			-- for store-tabular use
317		    DEFAULT NEXTVAL ('dns.seq_dhcprange'),
318    min 	INET UNIQUE,		-- min address of range
319    max		INET UNIQUE,		-- max address of range
320    iddom	INT,			-- domain returned by DHCP server
321    default_lease_time	INT DEFAULT 0,	-- unit = second
322    max_lease_time	INT DEFAULT 0,	-- unit = second
323    iddhcpprof	INT,			-- DHCP profile for this range
324
325    CHECK (min <= max),
326    FOREIGN KEY (iddom) REFERENCES dns.domain (iddom),
327    FOREIGN KEY (iddhcpprof) REFERENCES dns.dhcpprofile (iddhcpprof),
328    PRIMARY KEY (iddhcprange)
329) ;
330
331-- Resource records
332
333CREATE SEQUENCE dns.seq_rr START 1 ;
334CREATE TABLE dns.rr (
335    idrr	INT			-- RR id
336		    DEFAULT NEXTVAL ('dns.seq_rr'),
337    name	TEXT,			-- name of RR (first component)
338    iddom	INT,			-- domain name of RR
339    idview	INT,			-- view id
340
341    mac		MACADDR,		-- MAC address or NULL
342    iddhcpprof	INT,			-- DHCP profile or NULL
343
344    idhinfo	INT DEFAULT 0,		-- host type
345    comment	TEXT,			-- comment
346    respname	TEXT,			-- name of responsible person
347    respmail	TEXT,			-- mail address of responsible person
348
349    idcor	INT,			-- last mod author
350    date	TIMESTAMP (0) WITHOUT TIME ZONE		-- last mod date
351		    DEFAULT CURRENT_TIMESTAMP,
352    sendsmtp	INT DEFAULT 0,		-- 1 if this host may emit with SMTP
353    ttl		INT DEFAULT -1,		-- TTL if different from zone TTL
354
355    FOREIGN KEY (idcor)      REFERENCES global.nmuser   (idcor),
356    FOREIGN KEY (iddom)      REFERENCES dns.domain      (iddom),
357    FOREIGN KEY (idview)     REFERENCES dns.view        (idview),
358    FOREIGN KEY (iddhcpprof) REFERENCES dns.dhcpprofile (iddhcpprof),
359    FOREIGN KEY (idhinfo)    REFERENCES dns.hinfo       (idhinfo),
360    UNIQUE (name, iddom, idview),
361    -- MAC address should be unique in a view
362    UNIQUE (mac, idview),
363    PRIMARY KEY (idrr)
364) ;
365
366CREATE TABLE dns.rr_ip (
367    idrr	INT,			-- RR
368    addr	INET,			-- IP (v4 or v6) address
369
370    FOREIGN KEY (idrr)   REFERENCES dns.rr (idrr),
371    PRIMARY KEY (idrr, addr)
372) ;
373
374CREATE TABLE dns.rr_cname (
375    idrr	INT,			-- RR
376    cname	INT,			-- pointed RR id
377
378    FOREIGN KEY (idrr)   REFERENCES dns.rr (idrr),
379    FOREIGN KEY (cname)  REFERENCES dns.rr (idrr),
380    PRIMARY KEY (idrr)
381) ;
382
383CREATE TABLE dns.rr_mx (
384    idrr	INT,			-- RR
385    prio	INT,			-- priority
386    mx		INT,			-- pointed RR id
387
388    FOREIGN KEY (idrr)   REFERENCES dns.rr (idrr),
389    FOREIGN KEY (mx)     REFERENCES dns.rr (idrr),
390    PRIMARY KEY (idrr, mx)
391) ;
392
393-- Mail roles
394CREATE TABLE dns.mail_role (
395    mailaddr	INT,			-- id of "mail address"
396    mboxhost	INT,			-- RR holding mboxes for this address
397
398    FOREIGN KEY (mailaddr) REFERENCES dns.rr (idrr),
399    FOREIGN KEY (mboxhost) REFERENCES dns.rr (idrr),
400    PRIMARY KEY (mailaddr)
401) ;
402
403-- Mail relays for a domain
404CREATE TABLE dns.relay_dom (
405    iddom	INT,			-- domain id
406    prio	INT,			-- MX priority
407    mx		INT,			-- relay host for this domain
408
409    FOREIGN KEY (iddom)  REFERENCES dns.domain  (iddom),
410    FOREIGN KEY (mx)     REFERENCES dns.rr      (idrr),
411    PRIMARY KEY (iddom, mx)
412) ;
413
414---------------------------------------------------------------------------
415-- topo schema
416---------------------------------------------------------------------------
417
418-- Modified equipement spool
419
420CREATE TABLE topo.modeq (
421    eq		TEXT,			-- fully qualified equipement name
422    date	TIMESTAMP (0)		-- detection date
423		    WITHOUT TIME ZONE
424		    DEFAULT CURRENT_TIMESTAMP,
425    login	TEXT,			-- detected user
426    processed	INT DEFAULT 0
427) ;
428
429CREATE INDEX modeq_index ON topo.modeq (eq) ;
430
431-- Interface change request spool
432
433CREATE TABLE topo.ifchanges (
434    login	TEXT,			-- requesting user
435    reqdate	TIMESTAMP (0)		-- request date
436		    WITHOUT TIME ZONE
437		    DEFAULT CURRENT_TIMESTAMP,
438    eq		TEXT,			-- fully qualified equipement name
439    iface	TEXT,			-- interface name
440    ifdesc	TEXT,			-- interface description
441    ethervlan	INT,			-- access vlan id
442    voicevlan	INT,			-- voice vlan id
443    processed	INT DEFAULT 0,		-- modification processed
444    moddate	TIMESTAMP (0)		-- modification (or last attempt) date
445		     WITHOUT TIME ZONE,
446    modlog	TEXT,			-- modification (or last attempt) log
447
448    PRIMARY KEY (eq, reqdate, iface)
449) ;
450
451-- Last rancid run
452
453CREATE TABLE topo.lastrun (
454    date	TIMESTAMP (0)		-- detection date
455		    WITHOUT TIME ZONE
456) ;
457
458-- Keepstate events
459
460CREATE TABLE topo.keepstate (
461    type	TEXT,			-- "rancid", "anaconf"
462    message	TEXT,			-- last message
463    date	TIMESTAMP (0)		-- first occurrence of this message
464		    WITHOUT TIME ZONE
465		    DEFAULT CURRENT_TIMESTAMP,
466
467    PRIMARY KEY (type)
468) ;
469
470-- Users to ignore : don't log any event in the modified equipement spool
471-- for these users because we know they have only a read-only access to the
472-- equipements
473
474CREATE TABLE topo.ignoreequsers (
475    login	TEXT UNIQUE NOT NULL		-- user login
476) ;
477
478-- Access rights to equipements
479
480CREATE TABLE topo.p_eq (
481    idgrp	INT,			-- group upon which this access right applies
482    rw		INT,			-- 0 : read, 1 : write
483    pattern	TEXT NOT NULL,		-- regular expression
484    allow_deny	INT,			-- 1 = allow, 0 = deny
485
486    FOREIGN KEY (idgrp) REFERENCES global.nmgroup (idgrp)
487) ;
488
489-- Access rights to L2-only networks
490
491CREATE TABLE topo.p_l2only (
492    idgrp	INT,			-- group upon which this access right applies
493    vlanid	INT,			-- 1...4094
494
495    PRIMARY KEY (idgrp, vlanid),
496    FOREIGN KEY (idgrp) REFERENCES global.nmgroup (idgrp)
497) ;
498
499-- Sensor definition
500
501-- type trafic
502--	iface = iface[.vlan]
503--	param = NULL
504-- type number of assoc wifi
505--	iface = iface
506--	ssid
507-- type number of auth wifi
508--	iface = iface
509--	param = ssid
510-- type broadcast traffic
511--	iface = iface[.vlan]
512--	param = NULL
513-- type multicast traffic
514--	iface = iface[.vlan]
515--	param = NULL
516
517CREATE TABLE topo.sensor (
518    id		TEXT,			-- M1234
519    type	TEXT,			-- trafic, nbassocwifi, nbauthwifi, etc.
520    eq		TEXT,			-- fqdn
521    comm	TEXT,			-- snmp communuity
522    iface	TEXT,
523    param	TEXT,
524    lastmod	TIMESTAMP (0)		-- last modification date
525		    WITHOUT TIME ZONE
526		    DEFAULT CURRENT_TIMESTAMP,
527    lastseen	TIMESTAMP (0)		-- last detection date
528		    WITHOUT TIME ZONE
529		    DEFAULT CURRENT_TIMESTAMP,
530
531    PRIMARY KEY (id)
532) ;
533
534
535-- Topod file monitor
536
537CREATE TABLE topo.filemonitor (
538	path	TEXT,			-- path to file or directory
539	date	TIMESTAMP (0)		-- last modification date
540		    WITHOUT TIME ZONE
541		    DEFAULT CURRENT_TIMESTAMP,
542
543	PRIMARY KEY (path)
544) ;
545
546-- Vlan table
547
548CREATE TABLE topo.vlan (
549	vlanid	INT,			-- 1..4094
550	descr	TEXT,			-- description
551	voip	INT DEFAULT 0,		-- 1 if VoIP vlan, 0 if standard vlan
552
553	PRIMARY KEY (vlanid)
554) ;
555
556-- Equipment types and equipment list to create rancid router.db file
557
558CREATE SEQUENCE topo.seq_eqtype START 1 ;
559
560CREATE TABLE topo.eqtype (
561    idtype	INTEGER			-- type id
562		    DEFAULT NEXTVAL ('topo.seq_eqtype'),
563    type	TEXT,			-- cisco, hp, juniper, etc.
564
565    UNIQUE (type),
566    PRIMARY KEY (idtype)
567) ;
568
569CREATE SEQUENCE topo.seq_eq START 1 ;
570
571CREATE TABLE topo.eq (
572    ideq	INTEGER			-- equipment id
573		    DEFAULT NEXTVAL ('topo.seq_eq'),
574    eq		TEXT,			-- fqdn
575    idtype	INTEGER,
576    up		INTEGER,		-- 1 : up, 0 : 0
577
578    FOREIGN KEY (idtype) REFERENCES topo.eqtype (idtype),
579    UNIQUE (eq),
580    PRIMARY KEY (ideq)
581) ;
582
583CREATE SEQUENCE topo.seq_confcmd START 1 ;
584
585CREATE TABLE topo.confcmd (
586    idccmd	INTEGER			-- entry id
587		    DEFAULT NEXTVAL ('topo.seq_confcmd'),
588    idtype	INTEGER,		-- equipment type
589    action	TEXT,			-- action selector : prologue, ifreset
590    rank	INTEGER,		-- sort order
591    model	TEXT,			-- regexp matching equipment model
592    command	TEXT,			-- command to send
593
594    FOREIGN KEY (idtype) REFERENCES topo.eqtype (idtype),
595    PRIMARY KEY (idccmd)
596) ;
597
598-- graphviz attributes for equipements in L2 graphs
599CREATE TABLE topo.dotattr (
600    rank	INTEGER,		-- sort order
601    type	INTEGER,		-- 2: l2, 3: l3 graph
602    regexp	TEXT,			-- regexp
603    gvattr	TEXT,			-- graphviz node attributes
604    png		BYTEA,			-- PNG generated by graphviz
605
606    PRIMARY KEY (rank)
607) ;
608
609-- link number and description
610CREATE SEQUENCE topo.seq_link START 1 ;
611CREATE TABLE topo.link (
612    idlink	INT             -- group id
613		     DEFAULT NEXTVAL ('topo.seq_link'),
614    descr	TEXT,           -- link description
615
616    PRIMARY KEY (idlink)
617) ;
618
619---------------------------------------------------------------------------
620-- pgauth schema
621---------------------------------------------------------------------------
622
623CREATE TABLE pgauth.user (
624    login	TEXT,			-- login name
625    password	TEXT,			-- crypted password
626    lastname	TEXT,			-- last name
627    firstname	TEXT,			-- first name
628    mail	TEXT,			-- mail address
629    phone	TEXT,			-- telephone number
630    mobile	TEXT,			-- mobile phone number
631    fax		TEXT,			-- facsimile number
632    addr	TEXT,			-- postal address
633    -- columns automatically managed by triggers
634    phlast	TEXT,			-- phonetical last name
635    phfirst	TEXT,			-- phonetical first name
636
637    PRIMARY KEY (login)
638) ;
639
640CREATE TABLE pgauth.realm (
641    realm	TEXT,			-- realm name
642    descr	TEXT,			-- realm description
643    admin	INT,			-- 1 if admin
644
645    PRIMARY KEY (realm)
646) ;
647
648CREATE TABLE pgauth.member (
649    login	TEXT,			-- login name
650    realm	TEXT,			-- realm of this login
651
652    FOREIGN KEY (login) REFERENCES pgauth.user (login),
653    FOREIGN KEY (realm) REFERENCES pgauth.realm (realm),
654    PRIMARY KEY (login, realm)
655) ;
656