I am adding users and groups to pg_hba.conf. The coding is done but I
am stuck on a reload issue.
As you may know, 7.2 tokenizes pg_hba.conf once, and reads those tokens
to test every connection request. I have added code to dump the
group/user mappings into global/pg_group and the postmaster can read
that file and substitute group names for users lists during
tokenization.
I have also added code to dump a new pg_group every time a group/user is
modified. (Users have to be done because of user renaming.)
The problem is when to retokenize pg_hba.conf after a new pg_group is
made. Seems I can either force administrators to 'pg_ctl reload' to
update for group changes, or automatically retokenize pg_hba.conf every
time I update pg_group. (We don't have any way of handling user renames
in pg_hba.conf because we enter those as strings, but pg_group will
handle them.)
Does anyone see another option? I can write code so only pg_global is
retokenized, but right now the user tokens are pulled out for the
matching group and inlined into the token stream. If I have a separate
token tree for pg_group, each connection will have to spin through the
tokens looking for matching group names. I suppose it isn't a big deal,
but I want to make sure we want to prevent auto-reloading of pg_hba.conf
on user/group changes, and just reload pg_group.
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill,
Pennsylvania19026
