| From: | Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Providing catalog view to pg_hba.conf file - Patch submission |
| Date: | 2015-02-27 17:48:30 |
| Message-ID: | 54F0ADEE.6070004@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 27.2.2015 17:59, Stephen Frost wrote:
> All,
>
> * Tomas Vondra (tomas(dot)vondra(at)2ndquadrant(dot)com) wrote:
>>
>> The other feature that'd be cool to have is a debugging function
>> on top of the view, i.e. a function pg_hba_check(host, ip, db,
>> user, pwd) showing which hba rule matched. But that's certainly
>> nontrivial.
>
> I'm not sure that I see why, offhand, it'd be much more than trivial
> ...
From time to time I have to debug why are connection attempts failing,
and with moderately-sized pg_hba.conf files (e.g. on database servers
shared by multiple applications) that may be tricky. Identifying the
rule that matched (and rejected) the connection would be helpful.
But yes, that's non-trivial and out of scope of this patch.
--
Tomas Vondra http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2015-02-27 17:51:18 | Re: POLA violation with \c service= |
| Previous Message | David Fetter | 2015-02-27 17:41:26 | Re: Bug in pg_dump |