Skip site navigation (1) Skip section navigation (2)

Re: BUG #5763: pg_hba.conf not honored

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Kaiting Chen <kaitocracy(at)gmail(dot)com>, pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #5763: pg_hba.conf not honored
Date: 2010-11-28 12:56:37
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-bugs
On Tue, Nov 23, 2010 at 10:29 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> "Kaiting Chen" <kaitocracy(at)gmail(dot)com> writes:
>> From this pg_hba configuration as the user 'kaiting.chen' is not in role
>> 'service' the second entry in the table should be skipped and he should
>> authenticate via GSSAPI. However this does not happen.
> I believe the definition of "in role" we use here is "has the privileges
> of role".  Since kaiting.chen is a superuser, all privilege tests will
> succeed for him, including that one.  IOW, a superuser is automatically
> a member of every role.  This isn't a bug.

I guess it's not a bug if we did it that way on purpose, but it seems
like testing for actual group membership would be less surprising.

Robert Haas
The Enterprise PostgreSQL Company

In response to


pgsql-bugs by date

Next:From: Robert HaasDate: 2010-11-28 13:05:12
Subject: Re: Documentation bug: Chapter 35.4, paragraph 4
Previous:From: Balamurugan MahendranDate: 2010-11-28 08:01:00
Subject: Re: BUG #5773: DEBUG: reaping dead processes DEBUG: server process (PID 10007) was terminated by signal 11: Segme

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group