Re: Custom oauth validator options

> I agree it could be, but is it any more confusing than if you were to
> set work_mem in postgresql.conf today, and then `ALTER ROLE ALL SET
> work_mem` to something completely different?

I would say yes, because in the ALTER ROLE case, it's clear that a
role specific setting is more specific. But I also understand this
reasoning, I'll update the patch to follow this approach.

> Right. This goes back to your question upthread as to why I brought
> session_preload_libraries into all this -- I thought
> session_preload_libraries already had handling for this, but it
> doesn't.

I looked into the previous idea I mentioned, about using child
processes for the purpose, and got that working.

* to prevent pg_hba reloads if something is invalid in it
* possibly to print out a warning (or error/fatal) during postmaster
startup along/instead of the connection warning
* possibly to do the same during sighup

The "instead of connection warning" (removing the placeholders from
postmaster) part is a bit complex or limited, as the postmaster can't
use dsm, and there can be any number of variables.

This is again a bit of a different topic, but I could make that a
proper patch from this prototype.

The important part for this thread is that if you would prefer a
version which completely verifies the pg_hba configuration before
accepting it, it's not that difficult to implement, or at least it's
not as complex as I originally imagined it. But even that won't
guarantee that the configuration always remains valid, because session
preload libraries can change without a server restart/reload... but
that's a rare corner case, and it could be a useful check most of the
time.