Skip site navigation (1) Skip section navigation (2)

pg_hba.conf

From: Dick Davies <rasputnik(at)hellooperator(dot)net>
To: PostgreSQL Admin <pgsql-admin(at)postgresql(dot)org>
Subject: pg_hba.conf
Date: 2005-02-22 11:56:41
Message-ID: 20050222115641.GR66519@eris.tenfour (view raw or flat)
Thread:
Lists: pgsql-admin
Just needed clarification on how pg_hba.conf operates.
Does a specific host take precedence over a more general network setting?

The local socket is only accessible to a certain group, but I don't want
the overhead of SSL for loopback connections. If I connect to the server 
from the local machine, the connections show up as (eg) 10.2.3.4, the NIC
ip.

I was hoping the more specific 'host' entry would take entry over the universal
'hostssl' entry, but it does'nt seem to...

I have this:

root(at)eris:postgresql80-server$ cat /opt/pgsql/data/pg_hba.conf
# TYPE     DATABASE    USER        IP-ADDRESS      METHOD
local      all         all                         trust
host    all         all         10.2.3.4/32   md5
hostssl    all         all      0.0.0.0/0   md5

Is there a way to say 'all IP traffic should be encrypted except one IP' that
I'm missing?

I know I could just add the local process into the dba group, but the app doesn't 
reconnect if the socket goes away on a db restart, so that's not ideal...


-- 
'That question was less stupid; though you asked it in a profoundly stupid way.'
		-- Prof. Farnsworth
Rasputin :: Jack of All Trades - Master of Nuns

Responses

pgsql-admin by date

Next:From: KÖPFERL RobertDate: 2005-02-22 12:21:51
Subject: Re: pg_hba.conf
Previous:From: KÖPFERL RobertDate: 2005-02-22 11:09:28
Subject: Corrupt data directory

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group