On Tue, Jun 8, 2010 at 12:42 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Fujii Masao <masao.fujii@gmail.com> writes:
>> On Mon, Jun 7, 2010 at 5:42 AM, Andrew Dunstan <andrew@dunslane.net> wrote:
>>> I tried this with a database name of "replication" in the .pgpass file,
>>> which matches what we need to use in pg_hba.conf, but it failed miserably,
>>> and only worked when I used a wildcard for the database name in the .pgpass
>>> file.
>>>
>>> If this is expected it needs to be documented more clearly; if not, it's a
>>> bug.
>
>> Yep, this is expected, so we need to improve the doc.
>
> Why don't we improve the code, instead? In particular make
> libpqrcv_connect() do
>
> - snprintf(conninfo_repl, sizeof(conninfo_repl), "%s replication=true", conninfo);
> + snprintf(conninfo_repl, sizeof(conninfo_repl), "%s database=replication replication=true", conninfo);
What if the real database named "replication" exists? How can we
specify the password only for replication purpose in that case?
BTW, to distinguish the replication connection from the connection
to the real database named "replication", I proposed changing the
.pgpass code so that it accepts the keyword only for replication,
like pg_hba.conf. But it was rejected, and as the result of the
discussion, we had consensus to not change the code.
http://archives.postgresql.org/pgsql-hackers/2010-01/msg00400.php
> I don't think it's unlikely that someone would try to enter a
> replication-specific password into ~/.pgpass.
Agreed.
But I think that we don't need to specify other than the wildcard
in the database field of .pgpass to use the replication-specific
password if the replication-specific user is supplied in .pgpass.
So the current code is enough for me. Am I missing something?
Regards,
--
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center
