Participants
Bruce Momjian
Bruce Momjian
Kurt Roeckx
Kurt Roeckx
Curt Sampson
Curt Sampson
Attachments

No attachments in this thread

Thread Outline
#1Kurt RoeckxKurt Roeckx
Feb 02, 2003
#2...#3
Bruce MomjianCurt Sampson
to Kurt Roeckx (#1)
Feb 03, 2003
#2Bruce MomjianBruce Momjianto Kurt Roeckx (#1)
Feb 03, 2003
#3Curt SampsonCurt Sampsonto Bruce Momjian (#2)
Feb 03, 2003
#4Bruce MomjianBruce Momjianto Kurt Roeckx (#1)
Feb 17, 2003

pg_hba.conf hostmask.

Started by Kurt Roeckxalmost 23 years ago4 messages
#1Kurt Roeckx
Kurt Roeckx
Q@ping.be

Currently in pg_hba.conf you specify the ip addresses that can
connect with 2 fields: the ip address and the mask.

What do you think about changing it to ip address/mask? Where
mask can be both the current mask, or the prefix length.

It's so much handier to use, especially for ipv6.

Kurt

#2Bruce Momjian
Bruce Momjian
pgman@candle.pha.pa.us
In reply to: Kurt Roeckx (#1)
Re: pg_hba.conf hostmask.

Kurt Roeckx wrote:

Currently in pg_hba.conf you specify the ip addresses that can
connect with 2 fields: the ip address and the mask.

What do you think about changing it to ip address/mask? Where
mask can be both the current mask, or the prefix length.

It's so much handier to use, especially for ipv6.

Yes, some have asked about this. My understanding was that CIDR
(host/len) was mostly for networks, while hostname/mask was for hosts.
Now, you can specify hosts using /32, but is is unusual? Maybe not. We
basically have columns in pg_hba.conf that can specify either hosts or
networks, so I suppose either should work. One neat trick would be to
allow both, and I think I can easily code that up. If you specify a '/'
and value after the host address, you don't use a netmask value. How is
that?

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
#3Curt Sampson
Curt Sampson
cjs@cynic.net
In reply to: Bruce Momjian (#2)
Re: pg_hba.conf hostmask.

On Sun, 2 Feb 2003, Bruce Momjian wrote:

Yes, some have asked about this. My understanding was that CIDR
(host/len) was mostly for networks, while hostname/mask was for hosts.
Now, you can specify hosts using /32, but is is unusual? Maybe not.

Typically, if you have something like an access list where you're
specifying hosts or networks, you default the netmask to /32 if it's not
supplied.

However, if we're going to maintain backward compatability with the old
format (i.e., using a separately specified netmask in the next column if
no slash is present in the address column) we can't do that.

Personally, I'm all for breaking backwards compatability (as I usually
am :-)) but could quite easily live with specifying all most hosts as
"n.n.n.n/32" forever into the future, too.

cjs
--
Curt Sampson <cjs@cynic.net> +81 90 7737 2974 http://www.netbsd.org
Don't you know, in this new Dark Age, we're all light. --XTC

#4Bruce Momjian
Bruce Momjian
pgman@candle.pha.pa.us
In reply to: Kurt Roeckx (#1)
Re: pg_hba.conf hostmask.

Added to TODO:

* Allow CIDR format to be used in pg_hba.conf

---------------------------------------------------------------------------

Kurt Roeckx wrote:

Currently in pg_hba.conf you specify the ip addresses that can
connect with 2 fields: the ip address and the mask.

What do you think about changing it to ip address/mask? Where
mask can be both the current mask, or the prefix length.

It's so much handier to use, especially for ipv6.

Kurt

---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

http://archives.postgresql.org

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
← Back to Topics