Re: BUG #5763: pg_hba.conf not honored

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Kaiting Chen" <kaitocracy(at)gmail(dot)com>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #5763: pg_hba.conf not honored
Date: 2010-11-23 15:29:43
Message-ID: 8761.1290526183@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

"Kaiting Chen" <kaitocracy(at)gmail(dot)com> writes:
> From this pg_hba configuration as the user 'kaiting.chen' is not in role
> 'service' the second entry in the table should be skipped and he should
> authenticate via GSSAPI. However this does not happen.

I believe the definition of "in role" we use here is "has the privileges
of role". Since kaiting.chen is a superuser, all privilege tests will
succeed for him, including that one. IOW, a superuser is automatically
a member of every role. This isn't a bug.

regards, tom lane

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Jonathan Pool 2010-11-23 18:08:07 Documentation bug: Chapter 35.4, paragraph 4
Previous Message Jon Nelson 2010-11-23 14:37:02 Re: temporary tables, and lots of 0 byte files