Home > mailing lists

Re: BUG #5763: pg_hba.conf not honored - Mailing list pgsql-bugs

From	Robert Haas
Subject	Re: BUG #5763: pg_hba.conf not honored
Date	November 28, 2010 11:56:46
Msg-id	AANLkTik1TCt3oX=cUZ0UiqAe2XdeDc5uX18z4xCFsqgx@mail.gmail.com Whole thread Raw
In response to	Re: BUG #5763: pg_hba.conf not honored (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: BUG #5763: pg_hba.conf not honored (Tom Lane <tgl@sss.pgh.pa.us>) Re: BUG #5763: pg_hba.conf not honored (Peter Eisentraut <peter_e@gmx.net>)
List	pgsql-bugs

Tree view

On Tue, Nov 23, 2010 at 10:29 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> "Kaiting Chen" <kaitocracy@gmail.com> writes:
>> From this pg_hba configuration as the user 'kaiting.chen' is not in role
>> 'service' the second entry in the table should be skipped and he should
>> authenticate via GSSAPI. However this does not happen.
>
> I believe the definition of "in role" we use here is "has the privileges
> of role". =A0Since kaiting.chen is a superuser, all privilege tests will
> succeed for him, including that one. =A0IOW, a superuser is automatically
> a member of every role. =A0This isn't a bug.

I guess it's not a bug if we did it that way on purpose, but it seems
like testing for actual group membership would be less surprising.

--=20
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

pgsql-bugs by date:

From: Tom Lane
Date: 27 November 2010, 20:26:24
Subject: Re: BUG #5773: DEBUG: reaping dead processes DEBUG: server process (PID 10007) was terminated by signal 11: Segme

From: Robert Haas
Date: 28 November 2010, 12:05:25
Subject: Re: Documentation bug: Chapter 35.4, paragraph 4

Re: BUG #5763: pg_hba.conf not honored - Mailing list pgsql-bugs

Previous

Next