replication requires redundant rule in pga_hba?

Started by Wells Oliver over 13 years ago. 2 messages. general
#1 Wells Oliver
wellsoliver@gmail.com

It seems like the following is redundant:

host all all 0.0.0.0/0 md5
hostnossl replication replicationuser 0.0.0.0/0 md5

The first one allows either SSL or non SSL to all users for all DBs from
any address via MD5. Good for everything, no? Yet if I remove the second
line, I see a bunch of:

FATAL: no pg_hba.conf entry for replication connection from host 10....,
user "replicationuser", SSL off

Why is this? What am I missing?

--
Wells Oliver
wellsoliver@gmail.com

#2 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Wells Oliver (#1)
Re: replication requires redundant rule in pga_hba?

Wells Oliver <wellsoliver@gmail.com> writes:

> It seems like the following is redundant:
> host all all 0.0.0.0/0 md5
> hostnossl replication replicationuser 0.0.0.0/0 md5
>
> The first one allows either SSL or non SSL to all users for all DBs from
> any address via MD5. Good for everything, no? Yet if I remove the second
> line, I see a bunch of:
>
> FATAL: no pg_hba.conf entry for replication connection from host 10....,
> user "replicationuser", SSL off
>
> Why is this? What am I missing?

I believe replication intentionally requires a special entry, ie is
deliberately not included in "all". The theory is that such a
connection gives access to absolutely everything in the database
cluster, which is more access than any regular connection has, so we
don't want to let one be made unintentionally.

regards, tom lane
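
Added example, not part of the original thread and not PostgreSQL's own code: a simplified Python model of first-match pg_hba.conf evaluation, run over the two records quoted above, showing why a physical replication connection is rejected once the second record is removed. The function names and the client address 10.0.0.5 are assumptions made for illustration; only host, hostssl and hostnossl records with a CIDR address are modelled.

```python
import ipaddress

# The two records from the thread.
BOTH = """\
host all all 0.0.0.0/0 md5
hostnossl replication replicationuser 0.0.0.0/0 md5
"""
ONLY_ALL = "host all all 0.0.0.0/0 md5\n"

def parse_hba(text):
    """Parse TYPE DATABASE USER ADDRESS METHOD records (host* types only)."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 5 and fields[0] in ("host", "hostssl", "hostnossl"):
            ctype, dbs, users, addr, method = fields[:5]
            rules.append((ctype, dbs.split(","), users.split(","),
                          ipaddress.ip_network(addr), method))
    return rules

def db_matches(names, database, replication):
    if replication:
        # A physical replication connection names no database and matches
        # only the "replication" keyword; "all" does not cover it.
        return "replication" in names
    return "all" in names or database in names

def first_match(rules, *, user, addr, ssl, database=None, replication=False):
    """Return the auth method of the first matching record, or None if rejected."""
    ip = ipaddress.ip_address(addr)
    for ctype, dbs, users, net, method in rules:
        if (ctype == "hostssl" and not ssl) or (ctype == "hostnossl" and ssl):
            continue
        if not db_matches(dbs, database, replication):
            continue
        if "all" not in users and user not in users:
            continue
        if ip in net:
            return method
    return None

if __name__ == "__main__":
    # 10.0.0.5 is a constructed standby address, not a value from the thread.
    conn = dict(user="replicationuser", addr="10.0.0.5", replication=True)
    for name, text in (("both records", BOTH), ("first record only", ONLY_ALL)):
        for ssl in (False, True):
            print(name, "ssl" if ssl else "nossl", first_match(parse_hba(text), ssl=ssl, **conn))
```

With both records present, the replication connection is accepted only without SSL, because hostnossl never matches an SSL connection and the "all" record never matches replication.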