Re: BUG #6687: initdb -A ident can almost never be correct

On Mon, Jun 11, 2012 at 05:51:06PM +0200, Magnus Hagander wrote:
> On Mon, Jun 11, 2012 at 5:14 PM, <david(at)fetter(dot)org> wrote:
> > The following bug has been logged on the website:
> >
> > Bug reference:      6687
> > Logged by:          David Fetter
> > Email address:      david(at)fetter(dot)org
> > PostgreSQL version: 9.1.4
> > Operating system:   All
> > Description:
> >
> > When calling initdb -A, it is assumed--wrongly in the case of ident, that
> > every method is valid for both local and network.
>
> Um, what do you mean?
>
> If I specify initdb -A, it gives me peer on local and ident on tcp, is
> that not what you expected?
>
> Or maybe I'm misunderstanding the problem completely.. What is
> happening, and what are you expecting to happen?

We have a design issue, namely that initdb -A blindly applies the auth
method specified to all default accesses. This is the correct
behavior for all auth methods except for ident, where it is wrong just
about everywhere for network (localhost rather than local) access.

I'm tempted to say it's always wrong for network access, only I know
someone will pipe up and talk about how they're running identd on some
legacy system.

Cheers,
David.
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david(dot)fetter(at)gmail(dot)com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate