Magnus Hagander wrote:
> Magnus Hagander wrote:
>
> [about the ability to use different maps for ident auth, gss and krb
> auth for example]
>
> >>>> It wouldn't be very easy/clean to do that w/o breaking the existing
> >>>> structure of pg_ident though, which makes me feel like using seperate
> >>>> files is probably the way to go.
>
> Actually, I may have to take that back. We already have support for
> multiple maps in the ident file, I'm not really sure anymore of the case
> where this wouldn't be enough :-)
>
> That said, I still think we want to parse pg_hba in the postmaster,
> because it allows us to not load known broken files, and show errors
> when you actually change the file etc. ;-)
>
> I did code up a POC patch for it, and it's not particularly hard to do.
> Mostly it's just moving the codepath from the backend to the postmaster.
> I'll clean it up a but and post it, just so ppl can see what it looks
> like...
To address Magnus' specific question, right now we store the pg_hba.conf
tokens as strings in the postmaster. I am fine with storing them in a
more native format and throwing errors for values that don't convert.
What would concern me is calling lots of 3rd party libraries from the
postmaster to validate items.
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
