Thread: .pgpass file and unix domain sockets
The documentation for the .pgpass file seems to be incorrect with respect to unix domain sockets. There's also a user comment saying that: http://www.postgresql.org/docs/8.1/interactive/libpq-pgpass.html The documentation suggests that the hostname part of .pgpass can be set to "localhost" to allow for automatic unix domain socket authentication. This doesn't seem to work. Instead you have to set the directory of the socket as the hostname part. If this was never supposed to actually work as described, I'll submit a doc patch that also explains in more detail how to use .pgpass for unix sockets. Joachim
Joachim Wieland <joe@mcknight.de> writes:
> The documentation suggests that the hostname part of .pgpass can be set to
> "localhost" to allow for automatic unix domain socket authentication. This
> doesn't seem to work. Instead you have to set the directory of the socket as
> the hostname part.
It looks to me like if you don't specify the host in the connection request,
then "localhost" is indeed used to search .pgpass with. *However*, if
you specify a socket path in pghost, then that's what's used.
I'm not sure if that's a bug or not. Arguably, different socket paths
might point to different servers for which you need different passwords.
If we did want unix-socket connections to search for "localhost"
regardless of socket path, it'd be a simple change (change the order of
operations in connectOptions2). But maybe the code is right and we
should fix the documentation. Or maybe this whole notion of using
"localhost" is bogus and we should always use the socket path.
regards, tom lane
On Wed, May 10, 2006 at 09:34:38PM -0400, Tom Lane wrote: > I'm not sure if that's a bug or not. Arguably, different socket paths > might point to different servers for which you need different passwords. > If we did want unix-socket connections to search for "localhost" > regardless of socket path, it'd be a simple change (change the order of > operations in connectOptions2). But maybe the code is right and we > should fix the documentation. Or maybe this whole notion of using > "localhost" is bogus and we should always use the socket path. Maybe something like "unix:*" would match all sockets and "unix:/tmp" would match just that one. Or maybe just allow the special string "unix:" match any socket and leave the rest alone. Have a nice day, -- Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/ > From each according to his ability. To each according to his ability to litigate.