Tom,
Agreed, I will have to be more careful in watching my other settings in
the pg_hba.conf file when testing new parameters as one affects another.
Peter, as well as you, were kind enough to point out the obvious that I
probably had another line in my pg_hba.conf that was still letting people
through, which there was. So I apologise for not being more careful in
checking that before hand.
Sometimes you just need someone else to point out an obvious fact to you
when you get tunnel vision from looking at the same file for too long.
Thanks for your help, problem is solved and working as it should.
Tim Frank
>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 14/03/01, 1:26:50 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote regarding Re:
[GENERAL] pg_hba.conf "sameuser" :
> Tim Frank <tfrank@registrar.uoguelph.ca> writes:
> > I'm still trying to get a handle on all of the possible
authentication
> > methods and what combinations will work best for what I need, and what
> > combinations will work in general. I am having difficulty getting the
> > "sameuser" parameter to do anything under DBNAME.
> Keep in mind that DBNAME and the host IP info are a pattern to be
> matched. The postmaster looks for the first line in pg_hba.conf that
> matches the connection request, and then applies the AUTHTYPE method
> specified in that line. If DBNAME is "sameuser" then the line matches
> requests where the username and dbname are the same --- but if they're
> not the same, the postmaster will keep right on looking for a matching
> line. So your example didn't prove anything except that you had another
> pg_hba line that would allow connections where the dbname and username
> are different.
> In general you have to look at the whole set of potentially applicable
> pg_hba.conf lines and the order that they appear in to understand the
> behavior. Showing one line won't let anyone help you.
> regards, tom lane
