On 02.07.2012 15:08, Amit Kapila wrote:
> Attached is a Patch to change the parsing of pg_ident.conf to make it
> similar to pg_hba.conf.
> This is based on Todo Item:
> http://archives.postgresql.org/pgsql-hackers/2011-06/msg02204.php
>
> Purpose - This will allow to catch syntax errors in pg_ident at the startup
> or reload time.
>
>
> Changes are described as follows:
> a. Make the load_ident() functionality same as load_hba, such that it
> cleans the previous context, after successful parsing.
> b. Change the load_ident(), so that parsing can be done during load
> time and the parsed lines are saved.
> c. Change the functionality of parse_ident_usermap() so that parsing is
> not done during authentication.
> d. If load_ident() fails for parsing, it returns false and error is
> issued.
Looks good to me, committed with some small cleanup.
> This point I am not sure, as for pg_hba failure it issues FATAL at
> startup. Currently I have kept error handling for load of pg_ident same as
> pg_hba
I think we should be more lenient with pg_ident.conf, and behave as if
the file was empty. That is the old behavior, and it seems sensible. You
can still connect using an authentication method that doesn't use
pg_ident.conf, but if pg_hba.conf is missing, you cannot log in at all.
Thanks!
- Heikki