> since the purpose of the pg_hba.conf file is to ensure that you never
> manage to lock yourself out of your database, might it make sense to have
> a pg_hba table in each database that can be / will be / should be(???)
> overidden by the pg_hba.conf file, thus ensuring you never get locked out,
> but allowing the vast majority of connection configuration to be handled
> by tables, with the pg_hba.conf as an emergency procedure used to get the
> warp engines online in case some drunken ensign starts singing "I'll take
> you home Kathleen" and shuts them down. (i.e. "delete from pg_hba" or
> something like it.)???
How about some kind of 'include table pg_hba' statement in the
pg_hba.conf file?
Anything prior to that could not be overridden by entries in the pg_hba
table, and the absence of an include statement means that only the file
entries are used, preserving the current behavior.
--
Mike Nolan
