Bart Samwel <bart(at)samwel(dot)tk> wrote:
> I've been working on a patch to add hostname support to
> pg_hba.conf.
> At present, I've simply not added caching.
Perhaps you could just recommend using nscd (or similar).
> There was a suggestion on the TODO list on the wiki, which
> basically said that maybe we could use reverse lookup to find
> "the" hostname and then check for that hostname in the list. I
> think that won't work, since IPs can go by many names and may not
> support reverse lookup for some hostnames (/etc/hosts anybody?).
Right. Any reverse lookup should be, at best, for display in error
messages or logs. There can be zero to many names for an IP
address.
> Currently, a pg_hba entry lists an IP / netmask combination. I
> would suggest allowing lists of hostnames in the entries, so that
> you can at least mimic the "match multiple hosts by a single
> rule". Any reason not to do this?
I can't see any reason other than code complexity.
-Kevin