On Wed, Aug 26, 2009 at 22:47, Tom Lane<tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> On Wed, Aug 26, 2009 at 15:57, Tom Lane<tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>>> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>>>> But that will still fail if the user has set it up to require a client
>>> But not till it gets to the pg_hba checks. We might need to have some
>> How would that be different from what we have now? sslmode=prefer will
>> still allow both ssl and non-ssl connection. It won't kick you out
>> until you reach the hba processing, will it?
> Hm, will it retry if the ssl setup step fails? If so it'd be all right,
> but it's still a waste of cycles ...
Yes, that's the difference between prefer and require.
I think the main issue is that test_postmaster_connection() only
accepts two cases - successful login and password prompt. It would
have similar issues with say an ident mismatch, or loopback
connections configured for kerberos.
In response to
pgsql-bugs by date
|Next:||From: Nikola Ciprich||Date: 2009-08-27 08:18:23|
|Subject: BUG #5017: unsigned packages in RHEL4 8.3 packages|
|Previous:||From: Heikki Linnakangas||Date: 2009-08-27 06:30:16|
|Subject: Re: BUG #5011: Standby recovery unable to follow timeline