Re: control pg_hba.conf via SQL

Could postgres offer at least a read-only view of the data in the interim?
Ordering could be controlled by line number.

On Thu, March 30, 2006 10:14 am, Tom Lane wrote:
> Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
>
>> Tom Lane wrote:
>>
>>> If your pg_hba.conf looks like
>>> host all all 0.0.0.0/32 md5 there's not much call to update it
>>> dynamically ...
>
>> There'll be a call to update it once - to 0.0.0.0/0 ;-)
>>
>
> Doh ;-). Should make more effort to check my throwaway examples ...
>
>
>> But it's not clear to me why a CONNECT right shouldn't encompass all
>> the things that hba does, i.e. connect method, source address and auth
>> method.
>
> Because that stuff doesn't fit into either the syntax of GRANT or the
> system tables that store grant information. It's talking about concepts
> that don't even exist in the SQL world (while users and databases
> certainly do).
>
> Also, we know from experience that there's value in applying an ordered
> set of tests in pg_hba.conf --- in particular, rules about "local" vs
> "local net" vs "anywhere" connections are most easily expressed that
> way. We would need some substitute rule or concept in order to do the same
> work in GRANT, and I don't see what that would be.
>
> Recently in another thread someone was remarking about how ugly MySQL's
> authentication methods are. I think that's in part because they have
> chosen to wedge the client hostname into their concept of user. It
> doesn't fit nicely.
>
> regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Have you searched our list archives?
>
>
> http://archives.postgresql.org
>
>