Skip site navigation (1) Skip section navigation (2)

pg_hba options parsing

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: pg_hba options parsing
Date: 2008-09-30 18:36:53
Message-ID: 48E271C5.7010907@hagander.net (view raw or flat)
Thread:
Lists: pgsql-hackers
This patch changes the options field of pg_hba.conf to take name/value
pairs instead of a fixed string. This makes it a lot nicer to deal with
auth methods that need more than one parameter, such as LDAP.

While at it, it also adds map support to kerberos, gssapi and sspi and
not just ident - basically all methods where the username comes from an
outside source (lmk if I missed one).

Also in passing, changes the methods in auth.c to deal with "unsupported
auth method on this platform" errors the same way for all authentication
methods.

I intend to build on this patch to support setting some
Kerberos/GSSAPI/SSPI parameters on a per-connection base, but wanted to
get the basics in first.

Obviously, documentation still pending. I'm working on that in parallel.


So, comments? Both in general, and specifically on if we need to do
backwards compatible parsing of LDAP options (doing it of all the other
options would be trivial, but LDAP would be harder)


//Magnus

Attachment: hba_format.patch
Description: text/x-diff (28.5 KB)

Responses

pgsql-hackers by date

Next:From: Tom LaneDate: 2008-09-30 18:43:26
Subject: Re: Block-level CRC checks
Previous:From: Jonah H. HarrisDate: 2008-09-30 18:33:04
Subject: Re: Block-level CRC checks

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group