Re: BUG #4330: Bonjour connections ignore hba config METHOD and always trusted

On Jul 28, 2008, at 3:35 PM, Tom Lane wrote:

> "William Kyngesburye" <kyngchaos(at)kyngchaos(dot)com> writes:
>> When connection with the Bonjour name of the postgres server, it
>> ignores the
>> md5 setting and always trusts the connection. I tried with other
>> auth
>> methods with the same effect.
>
> What exactly have you got in pg_hba.conf?
>
> AFAIK there is no such thing as a "Bonjour connection"; Bonjour just
> provides a means for the server to advertise its IP address. I
> speculate that what it's advertising is a port that you have
> configured
> to be trusted.
>
> regards, tom lane

The default:

# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust

and:

host all somerole 192.168.1.0/24 md5

the local unix and local tcp lines aren't catching the connection - if
I remove my added connection, all external connections fail, as
expected. And I tried reording it so my addition is first, but a
bonjour connection is still trusted.

I realize that bonjour just supplies IP info to the client. I too
find it strange that the server would see the connection differently.

-----
William Kyngesburye <kyngchaos*at*kyngchaos*dot*com>
http://www.kyngchaos.com/

"Time is an illusion - lunchtime doubly so."

- Ford Prefect