| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Kurt Roeckx <Q(at)ping(dot)be> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: pg_hba.conf hostmask. |
| Date: | 2003-02-03 00:52:34 |
| Message-ID: | 200302030052.h130qYh04719@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Kurt Roeckx wrote:
> Currently in pg_hba.conf you specify the ip addresses that can
> connect with 2 fields: the ip address and the mask.
>
> What do you think about changing it to ip address/mask? Where
> mask can be both the current mask, or the prefix length.
>
> It's so much handier to use, especially for ipv6.
Yes, some have asked about this. My understanding was that CIDR
(host/len) was mostly for networks, while hostname/mask was for hosts.
Now, you can specify hosts using /32, but is is unusual? Maybe not. We
basically have columns in pg_hba.conf that can specify either hosts or
networks, so I suppose either should work. One neat trick would be to
allow both, and I think I can easily code that up. If you specify a '/'
and value after the host address, you don't use a netmask value. How is
that?
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2003-02-03 00:55:32 | Re: PGP signing releases |
| Previous Message | Neil Conway | 2003-02-03 00:39:00 | PGP signing releases |