Re: Indent authentication overloading - Mailing list pgsql-hackers
| From | Magnus Hagander |
|---|---|
| Subject | Re: Indent authentication overloading |
| Date | |
| Msg-id | AANLkTin3CsscB1aM10uUv2KgkU-aHsY=rT4SiQk2idoc@mail.gmail.com Whole thread Raw |
| In response to | Re: Indent authentication overloading (Robert Haas <robertmhaas@gmail.com>) |
| Responses |
Re: Indent authentication overloading
|
| List | pgsql-hackers |
On Mon, Mar 14, 2011 at 14:43, Robert Haas <robertmhaas@gmail.com> wrote: > On Mon, Mar 14, 2011 at 5:18 AM, Magnus Hagander <magnus@hagander.net> wrote: >> On Fri, Mar 11, 2011 at 15:36, Peter Eisentraut <peter_e@gmx.net> wrote: >>> On tor, 2011-03-10 at 22:45 +0100, Magnus Hagander wrote: >>>> On Thu, Mar 10, 2011 at 22:22, Bruce Momjian <bruce@momjian.us> wrote: >>>> > >>>> > Added to TODO: >>>> > >>>> > Rename unix domain socket 'ident' connections to 'peer', to avoid >>>> > confusion with TCP 'ident' >>>> >>>> Should we consider adding "peer" as an alias for "ident" already in >>>> 9.1 (and change the default pg_hba.conf template), and then deprecate >>>> ident for 9.2 and remove it in 9.3 or something? By adding the alias >>>> now (yes, I know it's not in the last CF :P), we can move what's going >>>> to be a long process up one release... >>> >>> Might as well, if you can get it done soon. The documentation might >>> need more extensive adjustments. >> >> The code itself is pretty easy and localized, AFAICT. Attached is a >> patch taht implements "peer" for local connections, and automatically >> maps "ident" on local sockets to that (with a log message saying it >> did). >> >> If people want this to go in, I'll go over the documentation as well - >> as you say, that might need some more changes, but we're not as >> time-critical on that (meaning we can keep polishing it through beta). >> >> Also, I'd like to get around to making "initdb -A ident" automatically >> put "peer" for local sockets as well, which is not included in this >> patch but should be a very simple change. >> >> So. Thoughts? > > The log message is an absolute non-starter. You're going to get that > on every backend startup on Windows, I believe. No, you're not. Because we don't do unix sockets on windows, for obvious reasons. You *would* get it on all RPM based installations, or DEB based installations, on *unix*, unless the patch to initdb is done (which it is now actually, just wasn't when I posted) That said, it can easily be removed. > Also, the text is not accurate: nothing has been automatically changed > to anything. The pg_hba.conf file is just as it was. You could say > something like "ident" authentication on local socket treated as > "peer", but I think a better idea would be to just remove this message > altogether. I see zero reason to force someone who has a pg_hba.conf > file that they have been using for years and are happy with to make > trivial changes to it on our account, and I'd be perfectly happy to > silently treat ident on a local socket as peer forever, while gently > encouraging the use of the newer term in our documentation. The idea being to let people know it's been deprecated, nothing else. But sure, we can just remove the message - at elast for now, and maybe add it $n releases down the road when people are expected to have changed over. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/
pgsql-hackers by date: