On Fri, 2008-06-13 at 13:26 -0400, Andrew Sullivan wrote:
> On Fri, Jun 13, 2008 at 12:47:22PM -0400, Andrew Dunstan wrote:
> > The reason it wasn't done years ago was that there was disagreement on the
> > way it should work. And the TODO actually lists several alternatives:
> >
> > Host name lookup could occur when the postmaster reads the
> > pg_hba.conf file, or when the backend starts. Another solution would
>
> It needs to happen at authentication time. I'm not sure whether
> "reads the pg_hba.conf" or "backend starts" is the right way to say
> that, but it must happen only when you're actually authenticating the
> host entry.
The best of both ideas would be to have an option inside pg_hab.conf to
indicate when lookup occurs. Some parts of a network are static, others
are not, so a global option would not be useful.
The default should be at authentication time as Andrew Sullivan
suggests, so that correctness is the default. If the user knows a
portion of their network is static, then the lookups can be done ahead
of connection time to reduce connection latency, as Andrew Dunstan
suggests.
-- Simon Riggs www.2ndQuadrant.comPostgreSQL Training, Services and Support
