On Thu, Jul 15, 2004 at 11:20:46PM +0200, Peter Eisentraut wrote:
> Magnus Hagander wrote:
> > This one makes it mandatory to pick some kind of authentication. If
> > that's not wanted, it's easy to change it to default to trust (which
> > I think is wrong, but we've been through that already..)
>
> I don't think I like any of this. Sooner rather than later, people need
> to look at pg_hba.conf and think about it. I don't like switches that
> induce them to skip that step. And I certainly don't like forcing
> extra switches on users that just try out an installation locally.
I agree with this sentiment. On the spanish list is common to see
people trying to do things on an RPM-installed server, which is
configured to use IDENT by default, and asking why they cannot connect.
The answer is always to look at pg_hba.conf and the relevant
documentation.
If it were my choice, I'd disallow connections by default completely,
and spit a reject message along the lines of "you should have a look at
pg_hba.conf".
--
Alvaro Herrera (<alvherre[a]dcc.uchile.cl>)
"Uno combate cuando es necesario... ¡no cuando está de humor!
El humor es para el ganado, o para hacer el amor, o para tocar el
baliset. No para combatir." (Gurney Halleck)