Re: pg_hba.conf: samehost and samenet [REVIEW]

On 09/23/2009 05:40 PM, Tom Lane wrote:
>> I haven't looked at this "feature" at all, but I'd be inclined, on the
>> grounds you quite reasonably cite, to require a netmask with "samenet",
>> rather than just ask the interface for its netmask.
>>
> I was just thinking the same thing. Could we then unify samehost and
> samenet into one thing? sameaddr/24 or something like that, with
> samehost just being the limiting case of all bits used. I am not
> sure though if this works nicely for IPv6 as well as IPv4.

I could see some people wanting this as well - but it's not a
replacement for samenet, it would be an additional feature. For example,
at my company, I have a cluster of machines on a /26 subnet, but for
some accesses, I would prefer to "open it up" to /8, since our company
has a /8, and I may want to allow anybody in the company to connect,
regardless of how things are routed.

I may still want samenet in the same configuration, to grant additional
access if the person happens to be on my switch compared to "anywhere in
the company". For my switch, having to hard code the subnet is back to
being a pain. If we enlarge our subnet to /25, it's one more thing that
I would have to remember to change unnecessarily.

Cheers,
mark

--
Mark Mielke<mark(at)mielke(dot)cc>