From: | Julien Rouhaud <rjuju123(at)gmail(dot)com> |
---|---|
To: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
Cc: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Re: Allow file inclusion in pg_hba and pg_ident files |
Date: | 2022-02-28 11:39:37 |
Message-ID: | 20220228113937.woqvozfmt3k4lrd3@jrouhaud |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Hi,
On Wed, Feb 23, 2022 at 09:44:58AM -0800, Nathan Bossart wrote:
>
> > Finally I also added 0003, which is a POC for a new pg_hba_matches() function,
> > that can help DBA to understand why their configuration isn't working as they
> > expect. This only to start the discussion on that topic, the code is for now
> > really hackish, as I don't know how much this is wanted and/or if some other
> > behavior would be better, and there's also no documentation or test. The
> > function for now only takes an optional inet (null means unix socket), the
> > target role and an optional ssl flag and returns the file, line and raw line
> > matching if any, or null. For instance:
>
> I think another use-case for this is testing updates to your configuration
> files. For example, I could ensure that hba_forbid_non_ssl.conf wasn't
> accidentally reverted as part of an unrelated change.
Indeed, that function could really be helpful in many scenario. Note that this
isn't my idea but Magnus idea, which he mentioned quite a long time ago.
From | Date | Subject | |
---|---|---|---|
Next Message | Julien Rouhaud | 2022-02-28 11:42:17 | Re: Allow file inclusion in pg_hba and pg_ident files |
Previous Message | Michael Paquier | 2022-02-28 11:21:32 | Re: psql: Make SSL info display more compact |