Re: hba_conf: only first line is checked - Mailing list pgsql-admin

From Tom Lane
Subject Re: hba_conf: only first line is checked
Date
Msg-id 20584.980574853@sss.pgh.pa.us
Whole thread Raw
In response to hba_conf: only first line is checked  (Cédric Mesnil <cedric.mesnil@trusted-logic.fr>)
List pgsql-admin
=?iso-8859-1?Q?C=E9dric?= Mesnil <cedric.mesnil@trusted-logic.fr> writes:
> I want to allow some user to connect to my db with password authentication against
> a first password file and allow other user against  a second one. I ve writen  the following pg_hba.conf:

> host           all   192.168.1.201   255.255.255.255       password passwd
> host           all   192.168.1.201   255.255.255.255       password passwd2

This does not make any sense to me.  Why don't you just merge the two
password files?  If you want to have distinct password files for
distinct situations, then the situations have to actually be distinct,
ie, different host addresses or database names in pg_hba.conf.  The
postmaster will stop on the first pg_hba.conf line that matches the
client hostaddress and requested database, so the second line in the
above example can never be reached.  This is not a bug; if we changed
it then we'd break a lot of other useful cases.

            regards, tom lane

pgsql-admin by date:

Previous
From: "a"
Date:
Subject: postgres limitation
Next
From: R D
Date:
Subject: Re: postgres limitation