| From: | Simon Riggs <simon(at)2ndquadrant(dot)com> |
|---|---|
| To: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: TODO Item: Allow pg_hba.conf to specify host names along with IP addresses |
| Date: | 2008-06-13 19:51:19 |
| Message-ID: | 1213386679.25121.240.camel@ebony.site |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, 2008-06-13 at 13:26 -0400, Andrew Sullivan wrote:
> On Fri, Jun 13, 2008 at 12:47:22PM -0400, Andrew Dunstan wrote:
> > The reason it wasn't done years ago was that there was disagreement on the
> > way it should work. And the TODO actually lists several alternatives:
> >
> > Host name lookup could occur when the postmaster reads the
> > pg_hba.conf file, or when the backend starts. Another solution would
>
> It needs to happen at authentication time. I'm not sure whether
> "reads the pg_hba.conf" or "backend starts" is the right way to say
> that, but it must happen only when you're actually authenticating the
> host entry.
The best of both ideas would be to have an option inside pg_hab.conf to
indicate when lookup occurs. Some parts of a network are static, others
are not, so a global option would not be useful.
The default should be at authentication time as Andrew Sullivan
suggests, so that correctness is the default. If the user knows a
portion of their network is static, then the lookups can be done ahead
of connection time to reduce connection latency, as Andrew Dunstan
suggests.
--
Simon Riggs www.2ndQuadrant.com
PostgreSQL Training, Services and Support
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dickson S. Guedes | 2008-06-13 19:54:20 | Re: TODO Item: Allow pg_hba.conf to specify host names along with IP addresses |
| Previous Message | Tom Lane | 2008-06-13 19:47:47 | Re: pg_stat_statements |