Re: pg_hba.conf

According to the excelent doc, the _first_ matching entry will be used.

C:\> -----Original Message-----
C:\> From: Dick Davies [mailto:rasputnik(at)hellooperator(dot)net]
C:\> Sent: Dienstag, 22. Februar 2005 12:57
C:\> To: PostgreSQL Admin
C:\> Subject: [ADMIN] pg_hba.conf
C:\>
C:\>
C:\>
C:\> Just needed clarification on how pg_hba.conf operates.
C:\> Does a specific host take precedence over a more general
C:\> network setting?
C:\>
C:\> The local socket is only accessible to a certain group,
C:\> but I don't want
C:\> the overhead of SSL for loopback connections. If I connect
C:\> to the server
C:\> from the local machine, the connections show up as (eg)
C:\> 10.2.3.4, the NIC
C:\> ip.
C:\>
C:\> I was hoping the more specific 'host' entry would take
C:\> entry over the universal
C:\> 'hostssl' entry, but it does'nt seem to...
C:\>
C:\> I have this:
C:\>
C:\> root(at)eris:postgresql80-server$ cat /opt/pgsql/data/pg_hba.conf
C:\> # TYPE DATABASE USER IP-ADDRESS METHOD
C:\> local all all trust
C:\> host all all 10.2.3.4/32 md5
C:\> hostssl all all 0.0.0.0/0 md5
C:\>
C:\> Is there a way to say 'all IP traffic should be encrypted
C:\> except one IP' that
C:\> I'm missing?
C:\>
C:\> I know I could just add the local process into the dba
C:\> group, but the app doesn't
C:\> reconnect if the socket goes away on a db restart, so
C:\> that's not ideal...
C:\>
C:\>
C:\> --
C:\> 'That question was less stupid; though you asked it in a
C:\> profoundly stupid way.'
C:\> -- Prof. Farnsworth
C:\> Rasputin :: Jack of All Trades - Master of Nuns
C:\>
C:\> ---------------------------(end of
C:\> broadcast)---------------------------
C:\> TIP 7: don't forget to increase your free space map settings
C:\>