| From: | Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> |
|---|---|
| To: | Amit Kapila <amit(dot)kapila(at)huawei(dot)com> |
| Cc: | 'Pg Hackers' <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [WIP] Patch : Change pg_ident.conf parsing to be the same as pg_hba.conf |
| Date: | 2012-09-21 14:58:34 |
| Message-ID: | 505C809A.5030802@vmware.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 02.07.2012 15:08, Amit Kapila wrote:
> Attached is a Patch to change the parsing of pg_ident.conf to make it
> similar to pg_hba.conf.
> This is based on Todo Item:
> http://archives.postgresql.org/pgsql-hackers/2011-06/msg02204.php
>
> Purpose - This will allow to catch syntax errors in pg_ident at the startup
> or reload time.
>
>
> Changes are described as follows:
> a. Make the load_ident() functionality same as load_hba, such that it
> cleans the previous context, after successful parsing.
> b. Change the load_ident(), so that parsing can be done during load
> time and the parsed lines are saved.
> c. Change the functionality of parse_ident_usermap() so that parsing is
> not done during authentication.
> d. If load_ident() fails for parsing, it returns false and error is
> issued.
Looks good to me, committed with some small cleanup.
> This point I am not sure, as for pg_hba failure it issues FATAL at
> startup. Currently I have kept error handling for load of pg_ident same as
> pg_hba
I think we should be more lenient with pg_ident.conf, and behave as if
the file was empty. That is the old behavior, and it seems sensible. You
can still connect using an authentication method that doesn't use
pg_ident.conf, but if pg_hba.conf is missing, you cannot log in at all.
Thanks!
- Heikki
| From | Date | Subject | |
|---|---|---|---|
| Next Message | md@rpzdesign.com | 2012-09-21 14:58:48 | DB & Schema |
| Previous Message | Andres Freund | 2012-09-21 14:41:12 | Re: [COMMITTERS] pgsql: Properly set relpersistence for fake relcache entries. |