Postgres Pro
Downloads
Home   >   mailing lists

Re: [ADMIN] Acess Control ! - Mailing list pgsql-admin

From Vasanth R
Subject Re: [ADMIN] Acess Control !
Date
Msg-id CAOC34s9A0qXtnStu-uS_i0Fc0n=r9hXNkuT4N1bC=JW-RvRQ=w@mail.gmail.com
Whole thread Raw
In response to Re: [ADMIN] Acess Control !  (Elson Vaz <elsonlei@gmail.com>)
Responses Re: [ADMIN] Acess Control !  (Elson Vaz <elsonlei@gmail.com>)
List pgsql-admin
Tree view
It is read from up to down until specific criteria is true. It stops there and doesn't read thru rest of the lines.
On Wed, Oct 4, 2017 at 06:41 Elson Vaz <elsonlei@gmail.com> wrote:
Good morning pinker,


Thank you for approch, but i maked this teste:
  1.  Reject xpto  connection from all adress and  after acept  xpto connection from this adress - result  = work good (lock connection for xtpo come from other adress and acept from this adress)

# TYPE  DATABASE        USER         ADDRESS           METHOD
host       xpto                   system       10.72.18.0/24         reject
   host        xpto                   system       0.0.0.0/0                 reject 
   host       xpto                   system       10.75.15.60/32       md5
              host       all                       all             0.0.0.0/0               md5  
 
 
  1.  acept xpto  connection from especific adress and  after reject from all connection - result = (acept all connection, that  come from all adress )

    # TYPE  DATABASE        USER         ADDRESS           METHOD
    host       xpto                   system       10.75.15.60/32       md5
                   host       all                       all             0.0.0.0/0                md5 
                   host       xpto                   system       10.72.18.0/24         reject
                   host        xpto                   system       0.0.0.0/0                 reject 


    So, maybe the read come from up to down? or have other explanation? i don't know, i use postgres 9.4.

    2017-10-03 20:55 GMT-01:00 pinker <pinker@onet.eu>:
    be careful with order change. This proposed by Scott was correct; yours will
    reject all the connections made by user system to xpto. Documentation says:

    > The first record with a matching connection type, client address,
    > requested database, and user name is used to perform authentication. There
    > is no "fall-through" or "backup": if one record is chosen and the
    > authentication fails, subsequent records are not considered.





    --
    Sent from: http://www.postgresql-archive.org/PostgreSQL-admin-f2076596.html


    --
    Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
    To make changes to your subscription:
    http://www.postgresql.org/mailpref/pgsql-admin

    --
    Thanks
    Vasanth

    pgsql-admin by date:

    Previous
    From: Elson Vaz
    Date:
    Subject: Re: [ADMIN] Acess Control !
    Next
    From: Elson Vaz
    Date:
    Subject: Re: [ADMIN] Acess Control !