Skip site navigation (1) Skip section navigation (2)

Re: Thoughts on pg_hba.conf rejection

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Robert Haas <robertmhaas(at)gmail(dot)com>, Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Simon Riggs <simon(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us>, Aidan Van Dyk <aidan(at)highrise(dot)ca>, Joshua Tolley <eggyknap(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Thoughts on pg_hba.conf rejection
Date: 2010-04-20 14:19:45
Message-ID: 26632.1271773185@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
I wrote:
> Actually, while I'm looking at that code, a more immediate TODO is
> "fix walsender".  Somebody has inserted an absolutely flight-of-fantasy
> code path into InitPostgres.  (Hint: template1 can be dropped.
> ESPECIALLY when you're deliberately not taking any lock on it.)

Now that I look more closely, it seems what we have actually got there
is an incorrect attempt to solve the problem of authenticating without
selecting any particular database.  So we could solve both this and
the original complaint in the thread if we can arrange for all
authentication to be done on the basis of shared-catalog access under
rules similar to what the AV launcher does with pg_database.  At a
minimum that will require marking the pg_auth catalogs as
BKI_SCHEMA_MACRO, but that's far less painful than it used to be.
I don't recall what other consequences there are, but will go looking.

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Kevin GrittnerDate: 2010-04-20 14:24:38
Subject: Re: [HACKERS] Streaming replication document improvements
Previous:From: Tom LaneDate: 2010-04-20 14:08:37
Subject: Re: [HACKERS] Streaming replication document improvements

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group