Re: [HACKERS] Is "trust" really a good default?

Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> Magnus Hagander wrote:
>> Might still be worth adding "--ident" as a parameter anyway, but in that
>> case only to help the distros that need it. Or not, because they already
>> have a way to deal with it.

> I think --ident would be very helpful, and we know with OS's support
> ident too.

If we're going to be doing sed-like substitutions on pg_hba.conf.sample,
then we really really wanna discourage distros from hacking the sample
file directly, because that could break the sed results. So I think
it's important to provide the switch.

I was toying with the notion of a different editing mechanism though,
so that initdb could emit a pg_hba.conf containing comments that are
actually pertinent to the selected behavior. One simple way would be to
prefix each line with a keyword to select when to emit it:
ALWAYS this text is always emitted
NEVER this text is never emitted (a meta-comment)
TRUST this text is emitted if we're selecting TRUST mode
IDENT this text is emitted if we're selecting IDENT mode
etc.

regards, tom lane