On 27.2.2015 17:59, Stephen Frost wrote: > All, > > * Tomas Vondra (tomas.vondra@2ndquadrant.com) wrote: >> >> The other feature that'd be cool to have is a debugging function >> on top of the view, i.e. a function pg_hba_check(host, ip, db, >> user, pwd) showing which hba rule matched. But that's certainly >> nontrivial. > > I'm not sure that I see why, offhand, it'd be much more than trivial > ...
>From time to time I have to debug why are connection attempts failing, and with moderately-sized pg_hba.conf files (e.g. on database servers shared by multiple applications) that may be tricky. Identifying the rule that matched (and rejected) the connection would be helpful.
If you did actually get a rejected connection, you get that in the log (as of 9.3, iirc). Such a function would make it possible to test it without having failed first though :)