On 10/29/14, 11:23 AM, Josh Berkus wrote:
> I don't see a problem with having a "continue" directive, and
> documenting that it only works with peer and ident. Maybe someday
> (protocol bump) we can have a way to make other methods continue, and
> then nobody will need to change their files to support the new way.
Keep in mind that makes it far easier to accidentally screw up your hba.conf by putting a line in the wrong place.
Anyonethat's dealt with firewall rules (or apparently PAM) would probably be OK, but a lot of our users would end up
witha config that's not doing what they wanted.
--
Jim Nasby, Data Architect, Blue Treble Consulting
Data in Trouble? Get it in Treble! http://BlueTreble.com