| From: | Glyn Astill <glynastill(at)yahoo(dot)co(dot)uk> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0? |
| Date: | 2011-07-27 16:39:45 |
| Message-ID: | 1311784785.5983.YahooMailNeo@web26004.mail.ukl.yahoo.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
> From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
>G lyn Astill <glynastill(at)yahoo(dot)co(dot)uk> writes:
>> I'm having what's hopefully a fairly trivial issue here with
> pg_hba.conf in 9.0.4; when I add in the following line
>
>> host all +ad_users 10.10.0.0/16 ldap <ldap
> details>
>
>> If I try to log in with a superuser account from the 10.10.0.0/16 network
> it appears to try to authenticate it against that entry via ldap.
>
>> This didn't happen in 8.4.8, what could I be missing?
>
> Well, a superuser is automatically considered a member of any group,
> so a match to that line would be expected IMO. If you don't want that,
> you need some more-specific line ahead of it to catch superusers.
>
> regards, tom lane
>
Well that's all new to me, surely this is a bug?
How can I specifically catch superusers?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kevin Grittner | 2011-07-27 16:50:06 | Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0? |
| Previous Message | A J | 2011-07-27 16:33:49 | test commit_delay |