Thread: pg_hba.conf and IP-MASK

We have an IP-MASK column in pg_hba.conf.  Now that we are using CIDR
addresses by default, should we remove the column label?

We still support the a netmask value if they don't use CIDR format, but
now that the default is CIDR, it seems we should remove the column
label.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073
 

Bruce Momjian wrote:

>We have an IP-MASK column in pg_hba.conf.  Now that we are using CIDR
>addresses by default, should we remove the column label?
>
>  
>
I would mark it optional.


>We still support the a netmask value if they don't use CIDR format, but
>now that the default is CIDR, it seems we should remove the column
>label.
>
>  
>


-- 
Command Prompt, Inc., home of Mammoth PostgreSQL - S/ODBC and S/JDBC
Postgresql support, programming shared hosting and dedicated hosting.
+1-503-667-4564 - jd@commandprompt.com - http://www.commandprompt.com
PostgreSQL Replicator -- production quality replication for PostgreSQL

Joshua D. Drake wrote:
> Bruce Momjian wrote:
> 
> >We have an IP-MASK column in pg_hba.conf.  Now that we are using CIDR
> >addresses by default, should we remove the column label?
> >
> >  
> >
> I would mark it optional.

We could do that, but we could use the space if we removed it.  One
other confusing thing is that it isn't the last column in the row, so it
is optional only if you used CIDR format --- kind of strange.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073
 

Bruce Momjian said:
> Joshua D. Drake wrote:
>> Bruce Momjian wrote:
>>
>> >We have an IP-MASK column in pg_hba.conf.  Now that we are using CIDR
>> >addresses by default, should we remove the column label?
>> >
>> >
>> >
>> I would mark it optional.
>
> We could do that, but we could use the space if we removed it.  One
> other confusing thing is that it isn't the last column in the row, so
> it is optional only if you used CIDR format --- kind of strange.
>

The syntax rule (debated at length around May last year when this work was
done) is that you have to have either addr/nn for CIDR format or
addr<space>mask for the old-style format - both are documented in
ph_hba.conf and in the docs. So in fact the IP-MASK column is not optional
at all - it must be present if, and only if, you did not use a CIDR mask.

Since our defaults don't use old-style masks any more, I would be tempted to
remove the column labels for IP-ADDRESS and IP-MASK, and instead put in a
single heading of IP-ADDRESS/CIDR-MASK. If people want to use old-style
masks there is plenty of info on how to, without extra column headings.

cheers

andrew

"Andrew Dunstan" <andrew@dunslane.net> writes:
> Since our defaults don't use old-style masks any more, I would be tempted to
> remove the column labels for IP-ADDRESS and IP-MASK, and instead put in a
> single heading of IP-ADDRESS/CIDR-MASK.

I don't know why there is any debate about this.  When I said "fix the
comments to agree with the code", the column headings were certainly
one of the things I had in mind.  You should have done that in the
original patch.
        regards, tom lane

Tom Lane said:
> "Andrew Dunstan" <andrew@dunslane.net> writes:
>> Since our defaults don't use old-style masks any more, I would be
>> tempted to remove the column labels for IP-ADDRESS and IP-MASK, and
>> instead put in a single heading of IP-ADDRESS/CIDR-MASK.
>
> I don't know why there is any debate about this.  When I said "fix the
> comments to agree with the code", the column headings were certainly
> one of the things I had in mind.  You should have done that in the
> original patch.
>

Then I apologise. As I think I indicated, my time is very limited right now.
So rather than submit things that are incomplete I will be refraining from
pretty much any pg work for a while - I already did a lot more that I
originally set as my goals for this release.

cheers

andrew

Andrew Dunstan wrote:
> Tom Lane said:
> > "Andrew Dunstan" <andrew@dunslane.net> writes:
> >> Since our defaults don't use old-style masks any more, I would be
> >> tempted to remove the column labels for IP-ADDRESS and IP-MASK, and
> >> instead put in a single heading of IP-ADDRESS/CIDR-MASK.
> >
> > I don't know why there is any debate about this.  When I said "fix the
> > comments to agree with the code", the column headings were certainly
> > one of the things I had in mind.  You should have done that in the
> > original patch.
> >
> 
> Then I apologise. As I think I indicated, my time is very limited right now.
> So rather than submit things that are incomplete I will be refraining from
> pretty much any pg work for a while - I already did a lot more that I
> originally set as my goals for this release.

I will complete any adjustments.  Thanks.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073