Re: BUG #6687: initdb -A ident can almost never be correct

On Mon, Jun 11, 2012 at 6:01 PM, David Fetter <david(at)fetter(dot)org> wrote:
> On Mon, Jun 11, 2012 at 05:51:06PM +0200, Magnus Hagander wrote:
>> On Mon, Jun 11, 2012 at 5:14 PM,  <david(at)fetter(dot)org> wrote:
>> > The following bug has been logged on the website:
>> >
>> > Bug reference:      6687
>> > Logged by:          David Fetter
>> > Email address:      david(at)fetter(dot)org
>> > PostgreSQL version: 9.1.4
>> > Operating system:   All
>> > Description:
>> >
>> > When calling initdb -A, it is assumed--wrongly in the case of ident, that
>> > every method is valid for both local and network.
>>
>> Um, what do you mean?
>>
>> If I specify initdb -A, it gives me peer on local and ident on tcp, is
>> that not what you expected?
>>
>> Or maybe I'm misunderstanding the problem completely.. What is
>> happening, and what are you expecting to happen?
>
> We have a design issue, namely that initdb -A blindly applies the auth
> method specified to all default accesses.  This is the correct
> behavior for all auth methods except for ident, where it is wrong just
> about everywhere for network (localhost rather than local) access.

Uh, what *would* you expect to happen if you choose "ident"? That
something different than what you choose is done?

I can get the argument for "peer", which could potentially leave the
non-local entries out completely. But I don't see anything wrong with
what "ident" does.

And even in the case of peer, since the default is not to even
*listen* on remote connections, it's not a huge problem...

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/