Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Glyn Astill <glynastill(at)yahoo(dot)co(dot)uk>
Cc: "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0?
Date: 2011-07-27 16:32:01
Message-ID: 10638.1311784321@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

Glyn Astill <glynastill(at)yahoo(dot)co(dot)uk> writes:
> I'm having what's hopefully a fairly trivial issue here with pg_hba.conf in 9.0.4; when I add in the following line

> host all +ad_users 10.10.0.0/16 ldap <ldap details>

> If I try to log in with a superuser account from the 10.10.0.0/16 network it appears to try to authenticate it against that entry via ldap.

> This didn't happen in 8.4.8, what could I be missing?

Well, a superuser is automatically considered a member of any group,
so a match to that line would be expected IMO. If you don't want that,
you need some more-specific line ahead of it to catch superusers.

regards, tom lane

In response to

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message A J 2011-07-27 16:33:49 test commit_delay
Previous Message Glyn Astill 2011-07-27 16:27:23 Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0?