"all" not inclusive of "replication" in pg_hba.conf
Dear List ,
It is been found that the entry
local all all trust
does not renders below redundant in pg_hba.conf
local replication replicator01 trust
regds
mallah.
On Sat, Sep 24, 2011 at 10:07 PM, Rajesh Kumar Mallah
<mallah.rajesh@gmail.com> wrote:
Dear List ,
It is been found that the entry
local all all trust
does not renders below redundant in pg_hba.conf
local replication replicator01 trust
I noticed this too, and I think it should. Either way, the
documentation isn't clear on this point -- either 'all' should include
the faux replication database or it should be noted in appropriate
places that 'all' doesn't/can't do that.
merlin
On Mon, 2011-09-26 at 11:58 -0500, Merlin Moncure wrote:
On Sat, Sep 24, 2011 at 10:07 PM, Rajesh Kumar Mallah
<mallah.rajesh@gmail.com> wrote:Dear List ,
It is been found that the entry
local all all trust
does not renders below redundant in pg_hba.conf
local replication replicator01 trust
I noticed this too, and I think it should. Either way, the
documentation isn't clear on this point -- either 'all' should include
the faux replication database or it should be noted in appropriate
places that 'all' doesn't/can't do that.
"all" includes all real databases, not "virtual" one. The documentation
could probably be clearer, but "all" shouldn't include the virtual
"replication" database.
--
Guillaume
http://blog.guillaume.lelarge.info
http://www.dalibo.com
On Mon, Sep 26, 2011 at 1:47 PM, Guillaume Lelarge
<guillaume@lelarge.info> wrote:
On Mon, 2011-09-26 at 11:58 -0500, Merlin Moncure wrote:
On Sat, Sep 24, 2011 at 10:07 PM, Rajesh Kumar Mallah
<mallah.rajesh@gmail.com> wrote:Dear List ,
It is been found that the entry
local all all trust
does not renders below redundant in pg_hba.conf
local replication replicator01 trust
I noticed this too, and I think it should. Either way, the
documentation isn't clear on this point -- either 'all' should include
the faux replication database or it should be noted in appropriate
places that 'all' doesn't/can't do that."all" includes all real databases, not "virtual" one. The documentation
could probably be clearer, but "all" shouldn't include the virtual
"replication" database.
ok, what's your rationale for that? pg_hba.conf is a rule based system
with no distinction given for rule vs virtual databases. what if we
create more virtual databases? do you always have explicitly create a
rule for each database for each user? IMSNHO, the more I think about
it, the more I think current behavior is broken.
merlin
On Mon, 2011-09-26 at 14:13 -0500, Merlin Moncure wrote:
On Mon, Sep 26, 2011 at 1:47 PM, Guillaume Lelarge
<guillaume@lelarge.info> wrote:On Mon, 2011-09-26 at 11:58 -0500, Merlin Moncure wrote:
On Sat, Sep 24, 2011 at 10:07 PM, Rajesh Kumar Mallah
<mallah.rajesh@gmail.com> wrote:Dear List ,
It is been found that the entry
local all all trust
does not renders below redundant in pg_hba.conf
local replication replicator01 trust
I noticed this too, and I think it should. Either way, the
documentation isn't clear on this point -- either 'all' should include
the faux replication database or it should be noted in appropriate
places that 'all' doesn't/can't do that."all" includes all real databases, not "virtual" one. The documentation
could probably be clearer, but "all" shouldn't include the virtual
"replication" database.ok, what's your rationale for that? pg_hba.conf is a rule based system
with no distinction given for rule vs virtual databases. what if we
create more virtual databases? do you always have explicitly create a
rule for each database for each user? IMSNHO, the more I think about
it, the more I think current behavior is broken.
And I would agree (that the current behaviour is broken). Using a
database name as a flag to replication connection was a false good idea.
But, actually, I failed to find a better one.
--
Guillaume
http://blog.guillaume.lelarge.info
http://www.dalibo.com
On Mon, Sep 26, 2011 at 2:23 PM, Guillaume Lelarge
<guillaume@lelarge.info> wrote:
And I would agree (that the current behaviour is broken). Using a
database name as a flag to replication connection was a false good idea.
But, actually, I failed to find a better one.
Well, that may or may not be a good idea, but that's a separate issue.
pg_hba.conf has a very specific way of working, and the replication
'database' doesn't work that way -- it should follow the same rules
the other databases do since it's stored in the same area and should
implicitly use the same mechanics. A cleaner way of doing it might
have been to introduce a separate area for virtual databases for
example (and this might have mitigated pain for the non-zero chance
for users that already have a database named 'replication').
Maybe it's too late to change it now, though :(, we should do
something about the current situation, even if the best we can come up
with is putting a clearly worded disclaimer into the docs. I still
think it's better to make 'all' work though.
merlin