| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | cedric(dot)mesnil(at)trusted-logic(dot)fr, pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: hba_conf: only first line is checked |
| Date: | 2001-01-27 05:54:13 |
| Message-ID: | 20584.980574853@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
=?iso-8859-1?Q?C=E9dric?= Mesnil <cedric(dot)mesnil(at)trusted-logic(dot)fr> writes:
> I want to allow some user to connect to my db with password authentication against
> a first password file and allow other user against a second one. I ve writen the following pg_hba.conf:
> host all 192.168.1.201 255.255.255.255 password passwd
> host all 192.168.1.201 255.255.255.255 password passwd2
This does not make any sense to me. Why don't you just merge the two
password files? If you want to have distinct password files for
distinct situations, then the situations have to actually be distinct,
ie, different host addresses or database names in pg_hba.conf. The
postmaster will stop on the first pg_hba.conf line that matches the
client hostaddress and requested database, so the second line in the
above example can never be reached. This is not a bug; if we changed
it then we'd break a lot of other useful cases.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | R D | 2001-01-27 08:33:49 | Re: postgres limitation |
| Previous Message | Bruce Momjian | 2001-01-26 23:20:04 | Re: Some thoughts on replication |