Re: Let people set host(no)ssl settings from initdb

From: David Fetter <david(at)fetter(dot)org>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Let people set host(no)ssl settings from initdb
Date: 2019-12-12 06:24:16
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Thu, Dec 12, 2019 at 12:23:42AM -0500, Tom Lane wrote:
> David Fetter <david(at)fetter(dot)org> writes:
> > I've found myself writing a lot of boilerplate pg_hba.conf entries
> > along the lines of
> > hostnossl all all reject
> > hostssl all all md5
> > so I thought I'd make it easier to do that from initdb.
> > What say?
> I'm pretty suspicious of loading down initdb with random configuration
> options, because I think most people nowadays use PG via vendor packages
> that script their calls to initdb. So an option like this doesn't help
> unless you can persuade all those vendors to pass the option through.

Would the official PGDG .deb and .rpm packages suffice?

> That problem exists even before you get to the question of whether
> this specific option is useful or well-designed ... a question I'm
> not opining about here, but it would certainly require thought.

I think it was a reasonable extension. We cover lines that start with
local and host, but they can also start with hostssl and hostnossl.

Meanwhile, please find attached a fix for an oversight around IPv6.

David Fetter <david(at)fetter(dot)org>
Phone: +1 415 235 3778

Remember to vote!
Consider donating to Postgres:

Attachment Content-Type Size
v2-0001-Enable-setting-pg_hba.conf-permissions-from-initd.patch text/x-diff 11.4 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Amit Kapila 2019-12-12 06:43:50 Re: Wrong assert in TransactionGroupUpdateXidStatus
Previous Message Amit Khandekar 2019-12-12 06:22:47 Re: logical decoding : exceeded maxAllocatedDescs for .spill files