| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Jehan-Guillaume de Rorthais <jgdr(at)dalibo(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: when the startup process doesn't |
| Date: | 2021-04-20 18:56:58 |
| Message-ID: | 633337.1618945018@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Stephen Frost <sfrost(at)snowman(dot)net> writes:
> Yeah, being able to pick up on this remotely seems like it'd be quite
> nice. I'm not really thrilled with the idea, but the best I've got
> offhand for this would be a new role that's "pg_recovery_login" where an
> admin can GRANT that role to the roles they'd like to be able to use to
> login during the recovery process and then, for those roles, we write
> out flat files to allow authentication without access to pg_authid,
We got rid of those flat files for good and sufficient reasons. I really
really don't want to go back to having such.
I wonder though whether we really need authentication here. pg_ping
already exposes whether the database is up, to anyone who can reach the
postmaster port at all. Would it be so horrible if the "can't accept
connections" error message included a detail about "recovery is X%
done"?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2021-04-20 19:01:04 | Re: PATCH: Add GSSAPI ccache_name option to libpq |
| Previous Message | Stephen Frost | 2021-04-20 18:51:50 | Re: when the startup process doesn't |