| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: pg_hba.conf hostname todo |
| Date: | 2006-12-27 22:19:03 |
| Message-ID: | 4592F157.3060907@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Joshua D. Drake wrote:
> Hello,
>
> Per the TODO list:
>
> Allow pg_hba.conf to specify host names along with IP addresses
>
> Host name lookup could occur when the postmaster reads the pg_hba.conf
> file, or when the backend starts. Another solution would be to reverse
> lookup the connection IP and check that hostname against the host names
> in pg_hba.conf. We could also then check that the host name maps to the
> IP address.
>
>
> I was considering trying to attack this for 8.3. My thoughts are the
> following:
>
> Allow one to specify a FQDN or a simple wild card DN. E.g;
> *.commandprompt.com.
>
> A valid entry would look like this:
>
> host all all *.commandprompt.com trust
> host all all www1.postgresql.org md5
>
Before we rehearse the discussion we had in June again, please review
it. It ended on these sensible words from Tom at
http://archives.postgresql.org/pgsql-hackers/2006-02/msg00550.php :
> > Personally, I doubt there's any great use case for DNS names. Like Tom
> > says, if it involves much more that removing the AI_NUMERICHOST hint
> > then let's forget it.
>
> Perhaps more to the point: let's do that and wait to see if the field
> demand justifies expending lots of sweat on anything smarter. Given
> that we've gone this long with only allowing numeric IPs in pg_hba.conf,
> I suspect we'll find that few people really care.
>
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Martijn van Oosterhout | 2006-12-27 22:26:45 | Re: Load distributed checkpoint |
| Previous Message | Joshua D. Drake | 2006-12-27 22:16:58 | Re: pg_hba.conf hostname todo |