Home > mailing lists

Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0? - Mailing list pgsql-admin

From	Glyn Astill
Subject	Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0?
Date	July 27, 2011 16:39:59
Msg-id	1311784785.5983.YahooMailNeo@web26004.mail.ukl.yahoo.com Whole thread Raw
In response to	Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0? (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0?
List	pgsql-admin

Tree view

> From: Tom Lane <tgl@sss.pgh.pa.us>

>G lyn Astill <glynastill@yahoo.co.uk> writes:
>>  I'm having what's hopefully a fairly trivial issue here with
> pg_hba.conf in 9.0.4; when I add in the following line
>
>>          host    all         +ad_users   10.10.0.0/16          ldap <ldap
> details>
>
>>  If I try to log in with a superuser account from the 10.10.0.0/16 network
> it appears to try to authenticate it against that entry via ldap.
>
>>  This didn't happen in 8.4.8, what could I be missing?
>
> Well, a superuser is automatically considered a member of any group,
> so a match to that line would be expected IMO.  If you don't want that,
> you need some more-specific line ahead of it to catch superusers.
>
>             regards, tom lane
>

Well that's all new to me, surely this is a bug?

How can I specifically catch superusers?

pgsql-admin by date:

From: A J
Date: 27 July 2011, 16:33:57
Subject: test commit_delay

From: "Kevin Grittner"
Date: 27 July 2011, 16:50:18
Subject: Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0?

Re: Adding line to pg_hba.conf for a specific group makes superuser authentication fail in 9.0? - Mailing list pgsql-admin

Previous

Next