| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Problem with reloading groups in pg_hba.conf |
| Date: | 2002-03-21 08:42:25 |
| Message-ID: | 200203210842.g2L8gPF26715@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
I think I have figured out a way to do this efficiently. Instead of
making pg_group with groupname/username on each line, I will do
groupname/username,username, ... so I can spin through the group token
file much quicker; that way, I can read just retokenize pg_group and
spin through it for each connection. I think that is the way to go.
---------------------------------------------------------------------------
Bruce Momjian wrote:
> I am adding users and groups to pg_hba.conf. The coding is done but I
> am stuck on a reload issue.
>
> As you may know, 7.2 tokenizes pg_hba.conf once, and reads those tokens
> to test every connection request. I have added code to dump the
> group/user mappings into global/pg_group and the postmaster can read
> that file and substitute group names for users lists during
> tokenization.
>
> I have also added code to dump a new pg_group every time a group/user is
> modified. (Users have to be done because of user renaming.)
>
> The problem is when to retokenize pg_hba.conf after a new pg_group is
> made. Seems I can either force administrators to 'pg_ctl reload' to
> update for group changes, or automatically retokenize pg_hba.conf every
> time I update pg_group. (We don't have any way of handling user renames
> in pg_hba.conf because we enter those as strings, but pg_group will
> handle them.)
>
> Does anyone see another option? I can write code so only pg_global is
> retokenized, but right now the user tokens are pulled out for the
> matching group and inlined into the token stream. If I have a separate
> token tree for pg_group, each connection will have to spin through the
> tokens looking for matching group names. I suppose it isn't a big deal,
> but I want to make sure we want to prevent auto-reloading of pg_hba.conf
> on user/group changes, and just reload pg_group.
>
> --
> Bruce Momjian | http://candle.pha.pa.us
> pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
> + If your life is a hard drive, | 830 Blythe Avenue
> + Christ can be your backup. | Drexel Hill, Pennsylvania 19026
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster
>
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Luis Alberto Amigo Navarro | 2002-03-21 08:48:11 | Re: Fw: Fw: bad performance on irix |
| Previous Message | Bruce Momjian | 2002-03-21 08:36:23 | Problem with reloading groups in pg_hba.conf |