| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com> |
| Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pg_hba_lookup function to get all matching pg_hba.conf entries |
| Date: | 2015-11-16 22:37:45 |
| Message-ID: | 564A5AB9.5060505@gmx.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 11/16/15 2:37 AM, Haribabu Kommi wrote:
> On Mon, Nov 16, 2015 at 2:30 PM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
>> On 7/21/15 5:15 AM, Haribabu Kommi wrote:
>>> With the output of this view, administrator can identify the lines
>>> that are matching for the given
>>> criteria easily without going through the file.
>>
>> How is this useful? I could see the use if you want to debug cases of
>> user foo on host bar says they can't connect, but you can't impersonate
>> them to verify it. But then all you need is a function with a scalar
>> result, not a result set.
>
> Do you mean the function should return true or false based on the connection
> status with the provided arguments?
>
> I also feel difficult to understand the function result as compared to a view.
An hba lookup is essentially a lookup by user name, database name,
client address, yielding an authentication method (possibly with
parameters). So I think this function should work that way as well:
arguments are user name, database name, and so on, and the return value
is an authentication method. Maybe it would be some kind of record,
with line number and some parameters.
That would address the use case I put forth above. I don't know whether
that's what you were going for.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2015-11-16 22:40:06 | Re: proposal: PL/Pythonu - function ereport |
| Previous Message | Robert Haas | 2015-11-16 22:30:42 | Re: CustomScan in a larger structure (RE: CustomScan support on readfuncs.c) |