Thread: replication requires redundant rule in pga_hba?
It seems like the following is redundant:
--
Wells Oliver
wellsoliver@gmail.com
host all all 0.0.0.0/0 md5
hostnossl replication replicationuser 0.0.0.0/0 md5
The first one allows either SSL or non SSL to all users for all DBs from any address via MD5. Good for everything, no? Yet if I remove the second line, I see a bunch of:
FATAL: no pg_hba.conf entry for replication connection from host 10...., user "replicationuser", SSL off
Why is this? What am I missing?
Wells Oliver
wellsoliver@gmail.com
Wells Oliver <wellsoliver@gmail.com> writes: > It seems like the following is redundant: > host all all 0.0.0.0/0 md5 > hostnossl replication replicationuser 0.0.0.0/0 md5 > The first one allows either SSL or non SSL to all users for all DBs from > any address via MD5. Good for everything, no? Yet if I remove the second > line, I see a bunch of: > FATAL: no pg_hba.conf entry for replication connection from host 10...., > user "replicationuser", SSL off > Why is this? What am I missing? I believe replication intentionally requires a special entry, ie is deliberately not included in "all". The theory is that such a connection gives access to absolutely everything in the database cluster, which is more access than any regular connection has, so we don't want to let one be made unintentionally. regards, tom lane