From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Indent authentication overloading |
Date: | 2011-03-14 13:45:26 |
Message-ID: | AANLkTin3CsscB1aM10uUv2KgkU-aHsY=rT4SiQk2idoc@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Mon, Mar 14, 2011 at 14:43, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> On Mon, Mar 14, 2011 at 5:18 AM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>> On Fri, Mar 11, 2011 at 15:36, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
>>> On tor, 2011-03-10 at 22:45 +0100, Magnus Hagander wrote:
>>>> On Thu, Mar 10, 2011 at 22:22, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
>>>> >
>>>> > Added to TODO:
>>>> >
>>>> > Rename unix domain socket 'ident' connections to 'peer', to avoid
>>>> > confusion with TCP 'ident'
>>>>
>>>> Should we consider adding "peer" as an alias for "ident" already in
>>>> 9.1 (and change the default pg_hba.conf template), and then deprecate
>>>> ident for 9.2 and remove it in 9.3 or something? By adding the alias
>>>> now (yes, I know it's not in the last CF :P), we can move what's going
>>>> to be a long process up one release...
>>>
>>> Might as well, if you can get it done soon. The documentation might
>>> need more extensive adjustments.
>>
>> The code itself is pretty easy and localized, AFAICT. Attached is a
>> patch taht implements "peer" for local connections, and automatically
>> maps "ident" on local sockets to that (with a log message saying it
>> did).
>>
>> If people want this to go in, I'll go over the documentation as well -
>> as you say, that might need some more changes, but we're not as
>> time-critical on that (meaning we can keep polishing it through beta).
>>
>> Also, I'd like to get around to making "initdb -A ident" automatically
>> put "peer" for local sockets as well, which is not included in this
>> patch but should be a very simple change.
>>
>> So. Thoughts?
>
> The log message is an absolute non-starter. You're going to get that
> on every backend startup on Windows, I believe.
No, you're not. Because we don't do unix sockets on windows, for
obvious reasons.
You *would* get it on all RPM based installations, or DEB based
installations, on *unix*, unless the patch to initdb is done (which it
is now actually, just wasn't when I posted)
That said, it can easily be removed.
> Also, the text is not accurate: nothing has been automatically changed
> to anything. The pg_hba.conf file is just as it was. You could say
> something like "ident" authentication on local socket treated as
> "peer", but I think a better idea would be to just remove this message
> altogether. I see zero reason to force someone who has a pg_hba.conf
> file that they have been using for years and are happy with to make
> trivial changes to it on our account, and I'd be perfectly happy to
> silently treat ident on a local socket as peer forever, while gently
> encouraging the use of the newer term in our documentation.
The idea being to let people know it's been deprecated, nothing else.
But sure, we can just remove the message - at elast for now, and maybe
add it $n releases down the road when people are expected to have
changed over.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
From | Date | Subject | |
---|---|---|---|
Next Message | Andrew Dunstan | 2011-03-14 13:47:10 | Re: Macros for time magic values |
Previous Message | Robert Haas | 2011-03-14 13:43:05 | Re: Indent authentication overloading |