Re: Thoughts on pg_hba.conf rejection

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Robert Haas <robertmhaas(at)gmail(dot)com>, Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Simon Riggs <simon(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us>, Aidan Van Dyk <aidan(at)highrise(dot)ca>, Joshua Tolley <eggyknap(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Thoughts on pg_hba.conf rejection
Date: 2010-04-20 14:19:45
Message-ID: 26632.1271773185@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox
Thread:
Lists: pgsql-hackers

I wrote:
> Actually, while I'm looking at that code, a more immediate TODO is
> "fix walsender". Somebody has inserted an absolutely flight-of-fantasy
> code path into InitPostgres. (Hint: template1 can be dropped.
> ESPECIALLY when you're deliberately not taking any lock on it.)

Now that I look more closely, it seems what we have actually got there
is an incorrect attempt to solve the problem of authenticating without
selecting any particular database. So we could solve both this and
the original complaint in the thread if we can arrange for all
authentication to be done on the basis of shared-catalog access under
rules similar to what the AV launcher does with pg_database. At a
minimum that will require marking the pg_auth catalogs as
BKI_SCHEMA_MACRO, but that's far less painful than it used to be.
I don't recall what other consequences there are, but will go looking.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Kevin Grittner 2010-04-20 14:24:38 Re: [HACKERS] Streaming replication document improvements
Previous Message Tom Lane 2010-04-20 14:08:37 Re: [HACKERS] Streaming replication document improvements