| From: | Dick Davies <rasputnik(at)hellooperator(dot)net> |
|---|---|
| To: | PostgreSQL Admin <pgsql-admin(at)postgresql(dot)org> |
| Subject: | pg_hba.conf |
| Date: | 2005-02-22 11:56:41 |
| Message-ID: | 20050222115641.GR66519@eris.tenfour |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Just needed clarification on how pg_hba.conf operates.
Does a specific host take precedence over a more general network setting?
The local socket is only accessible to a certain group, but I don't want
the overhead of SSL for loopback connections. If I connect to the server
from the local machine, the connections show up as (eg) 10.2.3.4, the NIC
ip.
I was hoping the more specific 'host' entry would take entry over the universal
'hostssl' entry, but it does'nt seem to...
I have this:
root(at)eris:postgresql80-server$ cat /opt/pgsql/data/pg_hba.conf
# TYPE DATABASE USER IP-ADDRESS METHOD
local all all trust
host all all 10.2.3.4/32 md5
hostssl all all 0.0.0.0/0 md5
Is there a way to say 'all IP traffic should be encrypted except one IP' that
I'm missing?
I know I could just add the local process into the dba group, but the app doesn't
reconnect if the socket goes away on a db restart, so that's not ideal...
--
'That question was less stupid; though you asked it in a profoundly stupid way.'
-- Prof. Farnsworth
Rasputin :: Jack of All Trades - Master of Nuns
| From | Date | Subject | |
|---|---|---|---|
| Next Message | KÖPFERL Robert | 2005-02-22 12:21:51 | Re: pg_hba.conf |
| Previous Message | KÖPFERL Robert | 2005-02-22 11:09:28 | Corrupt data directory |