On 12/5/16 7:09 PM, dennisr@visi.com wrote:
> My preference is to use a network address for this stuff but I was over ruled and needed to use a host specific name
oraddress in the config file. I wanted to use a CNAME in place of the A or PTR records so as in the event we ever have
torebuild a new WAL receiver, I would only need to repoint the CNAME in the DNS system and avoid the possibility of
updatinga few hundred pg_hba.conf’s with a new IP address or hostname (this is a private cloud environment I am working
withso I don’t have a lot of control over hostnames of the nodes they give me or even the networks the node is placed
in.)
Note that the IP addresses in pg_hba.conf are not really by themselves a
primary security measure, because the source IP addresses in the same
network are (potentially) under control of the source host. Their
purpose is rather to allow different classes of hosts to use different
authentication mechanisms. For example, newer hosts might use SSL,
older hosts passwords.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
