Re: pg_hba.conf hostname todo

Stephen Frost wrote:
> * Andrew Dunstan (andrew(at)dunslane(dot)net) wrote:
>
>> Before we rehearse the discussion we had in June again, please review
>> it. It ended on these sensible words from Tom at
>> http://archives.postgresql.org/pgsql-hackers/2006-02/msg00550.php :
>>
>
> I'd have to disagree with this sentiment and agree with Gregory's
> followup here:
> http://archives.postgresql.org/pgsql-hackers/2006-02/msg00553.php
>

I don't know that there is a contradiction.

Frankly, any auth scheme based much on the client address or name is
suspect, in my view. Organisations like those he refers to can simply
put in a wildcard rule along with strong auth requirements and never
have to bother. This is not like having to specify what address a client
has to connect to.
>
>>>> Personally, I doubt there's any great use case for DNS names. Like Tom
>>>> says, if it involves much more that removing the AI_NUMERICHOST hint
>>>> then let's forget it.
>>>>
>>> Perhaps more to the point: let's do that and wait to see if the field
>>> demand justifies expending lots of sweat on anything smarter. Given
>>> that we've gone this long with only allowing numeric IPs in pg_hba.conf,
>>> I suspect we'll find that few people really care.
>>>
>
> I don't see that this argument really makes all that much sense- not
> doing it properly and then waiting to see if people use it isn't exactly
> how I'd go about finding out if people want it.
>
>

It depends on what you define as "properly".

If you want to include the use of wildcards, then you need a heck of a
lot more logic and processing. But we've hardly had people banging on
the doors demanding this.

cheers

andrew