From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Providing catalog view to pg_hba.conf file - Patch submission |
Date: | 2015-02-27 18:14:13 |
Message-ID: | CABUevEzON-gPXiDP3cAQYqMq0=6dG0WecrRGNO=Y6mz40JafSg@mail.gmail.com |
Lists: | pgsql-hackers |
On Fri, Feb 27, 2015 at 12:48 PM, Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com> wrote:
> On 27.2.2015 17:59, Stephen Frost wrote:
> > All,
> >
> > * Tomas Vondra (tomas(dot)vondra(at)2ndquadrant(dot)com) wrote:
> >>
> >> The other feature that'd be cool to have is a debugging function
> >> on top of the view, i.e. a function pg_hba_check(host, ip, db,
> >> user, pwd) showing which hba rule matched. But that's certainly
> >> nontrivial.
> >
> > I'm not sure that I see why, offhand, it'd be much more than trivial
> > ...
>
> From time to time I have to debug why connection attempts are failing,
> and with moderately-sized pg_hba.conf files (e.g. on database servers
> shared by multiple applications) that may be tricky. Identifying the
> rule that matched (and rejected) the connection would be helpful.
>
If you did actually get a rejected connection, you get that in the log (as
of 9.3, iirc). Such a function would make it possible to test it without
having failed first though :)
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
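
The check discussed in this message, as an added example that is not part of the original email or of PostgreSQL's code: a simplified first-match evaluator over a constructed pg_hba.conf. The `hba_check` name, the sample rules and the supported subset (plain names, `all`, comma lists, CIDR addresses) are assumptions; `samerole`, `+group`, `@file`, hostnames and `replication` are not handled.

```python
import ipaddress

# Constructed sample pg_hba.conf (not taken from the thread).
SAMPLE_HBA = """\
# TYPE  DATABASE   USER       ADDRESS          METHOD
local   all        postgres                    peer
host    app1       app1_rw    10.0.1.0/24      md5
host    app1,app2  all        10.0.0.0/8       reject
hostssl all        all        0.0.0.0/0        md5
"""

def parse_hba(text):
    """Return (line_no, type, databases, users, network, method) tuples."""
    rules = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":            # local rules have no ADDRESS column
            ctype, dbs, users, method = fields[:4]
            net = None
        else:
            ctype, dbs, users, addr, method = fields[:5]
            net = ipaddress.ip_network(addr, strict=False)
        rules.append((line_no, ctype, dbs.split(","), users.split(","), net, method))
    return rules

def hba_check(rules, db, user, ip=None, ssl=False):
    """First matching rule wins; None means no rule matched (connection refused).
    ip=None models a Unix-socket connection."""
    for line_no, ctype, dbs, users, net, method in rules:
        if ip is None:
            if ctype != "local":
                continue
        else:
            if ctype == "local" or (ctype == "hostssl" and not ssl) \
                    or (ctype == "hostnossl" and ssl):
                continue
            if ipaddress.ip_address(ip) not in net:
                continue
        if "all" not in dbs and db not in dbs:
            continue
        if "all" not in users and user not in users:
            continue
        return line_no, method
    return None
```

With the sample rules, `hba_check(parse_hba(SAMPLE_HBA), "app2", "bob", "10.9.9.9", ssl=True)` returns `(4, "reject")`: the broad 10.0.0.0/8 rule shadows the later `hostssl` rule, which is the kind of ordering problem such a check surfaces before a connection has failed.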