| From: | Bart Samwel <bart(at)samwel(dot)tk> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Hostnames in pg_hba.conf |
| Date: | 2010-02-11 22:02:56 |
| Message-ID: | ded01eb21002111402hf939f5fr1fa16a1fd36f590d@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Feb 11, 2010 at 17:21, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Bart Samwel <bart(at)samwel(dot)tk> writes:
> > I've been working on a patch to add hostname support to pg_hba.conf.
>
> Have you read the previous discussions about that?
>
Yes, mostly.
The previous discussions included all sorts of complex stuff such as
wildcards. Personally, I'd think that in the cases where you'd want
wildcards, then you should use IP / netmask configuration, because that's a
way better indicator of "something that comes from the same source network
entity". For instance, wildcards are nice for "all our own servers", except
that you'd normally use IP / netmaks to indicate your own server subnet.
The way I see it, hostname based configuration should be plain and simple.
You suggested in one of the earlier discussions that it should not be much
more than removing the AI_NUMERICHOST hint in the lookup. My current
solution is slightly more involved, since it performs the by-hostname lookup
at check time, not at pg_hba.conf read time -- but there is not much more
complexity involved. If there is a case for more complexity, then we will
hear the actual use cases after this basic support is added, I guess.
Cheers,
Bart
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bart Samwel | 2010-02-11 22:12:35 | Re: Hostnames in pg_hba.conf |
| Previous Message | Mark Mielke | 2010-02-11 22:01:44 | Re: Hostnames in pg_hba.conf |