Re: Let people set host(no)ssl settings from initdb - Mailing list pgsql-hackers

From David Fetter
Subject Re: Let people set host(no)ssl settings from initdb
Date
Msg-id 20191212062415.GE32763@fetter.org
In response to Re: Let people set host(no)ssl settings from initdb  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Let people set host(no)ssl settings from initdb
List pgsql-hackers
On Thu, Dec 12, 2019 at 12:23:42AM -0500, Tom Lane wrote:
> David Fetter <david@fetter.org> writes:
> > I've found myself writing a lot of boilerplate pg_hba.conf entries
> > along the lines of
> >     hostnossl    all     all     0.0.0.0/0      reject
> >     hostssl      all     all     0.0.0.0/0      md5
> > so I thought I'd make it easier to do that from initdb.
> > What say?
> 
> I'm pretty suspicious of loading down initdb with random configuration
> options, because I think most people nowadays use PG via vendor packages
> that script their calls to initdb.  So an option like this doesn't help
> unless you can persuade all those vendors to pass the option through.

Would the official PGDG .deb and .rpm packages suffice?

> That problem exists even before you get to the question of whether
> this specific option is useful or well-designed ... a question I'm
> not opining about here, but it would certainly require thought.

I think it was a reasonable extension. We cover lines that start with
local and host, but they can also start with hostssl and hostnossl.

Meanwhile, please find attached a fix for an oversight around IPv6.

Best,
David.
-- 
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate
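
As an added illustration (not part of the original message or of the attached patch), this sketch applies pg_hba.conf's first-match rule to the two entries quoted above and shows that `0.0.0.0/0` records cover only IPv4 clients. The `host ... ::/0` line, the client addresses, and the function names are constructed for the example; only `all` or numeric CIDR addresses and literal database/user names are handled.

```python
import ipaddress

# Constructed sample: the two entries from the message plus a constructed
# IPv6 "host" line of the kind that would still admit plaintext clients.
SAMPLE_HBA = """\
# TYPE      DATABASE  USER  ADDRESS      METHOD
local       all       all                peer
hostnossl   all       all   0.0.0.0/0    reject
hostssl     all       all   0.0.0.0/0    md5
host        all       all   ::/0         md5
"""

# Record types that can match a TCP connection, keyed by whether it uses SSL.
# ("local" is Unix-socket only; the GSS-encryption types are left out.)
TCP_TYPES = {False: {"host", "hostnossl"}, True: {"host", "hostssl"}}


def _name_matches(field, name):
    # Simplification: only "all" and literal comma-separated names.
    return field == "all" or name in field.split(",")


def _addr_matches(addr, client):
    if addr == "all":
        return True
    net = ipaddress.ip_network(addr, strict=False)
    # An IPv4 network never matches an IPv6 client, and vice versa.
    return net.version == client.version and client in net


def first_match(hba_text, client_ip, ssl, database="postgres", user="postgres"):
    """Return the auth method of the first matching record, or None
    (PostgreSQL denies access when no record matches)."""
    client = ipaddress.ip_address(client_ip)
    for line in hba_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in TCP_TYPES[ssl]:
            continue
        if not (_name_matches(fields[1], database) and _name_matches(fields[2], user)):
            continue
        if _addr_matches(fields[3], client):
            return fields[4]
    return None


if __name__ == "__main__":
    for ip in ("203.0.113.7", "2001:db8::7"):
        for ssl in (False, True):
            print(f"{ip:<14} ssl={ssl!s:<5} -> {first_match(SAMPLE_HBA, ip, ssl)}")
```

With the sample above, a non-SSL IPv4 client hits `reject`, while a non-SSL IPv6 client falls through to the `host` record and is offered `md5` authentication over plaintext.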
