Re: BUG #6687: initdb -A ident can almost never be correct - Mailing list pgsql-bugs

From David Fetter
Subject Re: BUG #6687: initdb -A ident can almost never be correct
Date
Msg-id 20120611161441.GB5039@fetter.org
In response to Re: BUG #6687: initdb -A ident can almost never be correct  (Magnus Hagander <magnus@hagander.net>)
Responses Re: BUG #6687: initdb -A ident can almost never be correct
List pgsql-bugs
On Mon, Jun 11, 2012 at 06:04:22PM +0200, Magnus Hagander wrote:
> On Mon, Jun 11, 2012 at 6:01 PM, David Fetter <david@fetter.org> wrote:
> > On Mon, Jun 11, 2012 at 05:51:06PM +0200, Magnus Hagander wrote:
> >> On Mon, Jun 11, 2012 at 5:14 PM, <david@fetter.org> wrote:
> >> > The following bug has been logged on the website:
> >> >
> >> > Bug reference:      6687
> >> > Logged by:          David Fetter
> >> > Email address:      david@fetter.org
> >> > PostgreSQL version: 9.1.4
> >> > Operating system:   All
> >> > Description:
> >> >
> >> > When calling initdb -A, it is assumed--wrongly in the case of ident, that
> >> > every method is valid for both local and network.
> >>
> >> Um, what do you mean?
> >>
> >> If I specify initdb -A, it gives me peer on local and ident on tcp, is
> >> that not what you expected?
> >>
> >> Or maybe I'm misunderstanding the problem completely.. What is
> >> happening, and what are you expecting to happen?
> >
> > We have a design issue, namely that initdb -A blindly applies the auth
> > method specified to all default accesses.  This is the correct
> > behavior for all auth methods except for ident, where it is wrong just
> > about everywhere for network (localhost rather than local) access.
>
> Uh, what *would* you expect to happen if you choose "ident"? That
> something different than what you choose is done?

I'd expect it to error out because it's trying to apply ident to
things which to an excellent approximation can never work, namely
localhost (ipv4 and ipv6 versions).  That this misbehavior is
long-standing doesn't make it correct.

This came up in IRC with someone trying to create automated deployment
scripts using initdb -A and then connecting to localhost instead of
local.  You could argue that this is pilot error, but it's a perfectly
reasonable thing for someone new to try, but there is nothing to
indicate the source of the problems he's seeing.

Cheers,
David.
-- 
David Fetter <david@fetter.org> http://fetter.org/
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david.fetter@gmail.com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate
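
A check that a deployment script could run on the generated pg_hba.conf, given here as an added example that is not part of this message or of PostgreSQL: it reports every TCP (host) record that uses ident, which is the combination the message says fails for localhost. The sample file contents and the function names are constructed for illustration, and the parser assumes unquoted fields.

```python
import ipaddress

# Constructed sample: one auth method applied to the Unix-socket record and to
# both loopback records, the layout the message describes for "-A ident".
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS                     METHOD
local   all       all                               ident
host    all       all   127.0.0.1/32                ident
host    all       all   ::1/128                     ident
host    all       all   127.0.0.1  255.255.255.255  md5
"""

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse_record(line):
    """Return (conn_type, address, method) for one record, or None."""
    fields = line.split("#", 1)[0].split()  # assumption: no quoted fields
    if len(fields) >= 4 and fields[0] == "local":
        return "local", None, fields[3]      # local DATABASE USER METHOD
    if len(fields) >= 5 and fields[0] in ("host", "hostssl", "hostnossl"):
        # host DATABASE USER ADDRESS METHOD, or ADDRESS given as IP + netmask
        masked = len(fields) >= 6 and _is_ip(fields[4])
        return fields[0], fields[3], fields[5 if masked else 4]
    return None

def ident_over_tcp(hba_text):
    """List (line_no, address, is_loopback) for TCP records using ident."""
    findings = []
    for line_no, line in enumerate(hba_text.splitlines(), 1):
        rec = parse_record(line)
        if rec is None or rec[0] == "local" or rec[2] != "ident":
            continue
        try:
            loopback = ipaddress.ip_interface(rec[1]).ip.is_loopback
        except ValueError:
            loopback = False                 # host name or keyword, not an IP
        findings.append((line_no, rec[1], loopback))
    return findings

if __name__ == "__main__":
    for line_no, address, loopback in ident_over_tcp(SAMPLE_HBA):
        where = "loopback" if loopback else "network"
        print(f"line {line_no}: ident on {where} address {address}")
```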
