Thread: initdb auth method option and "ident sameuser"

initdb auth method option and "ident sameuser"

From
Bernd Helmle
Date:
I recently got a complaint from an OpenSuSE user, which had problems using 
PostgreSQL 8.4 installed by a broken RPM from build service. The init 
script used initdb --auth="ident sameuser" accidentally, to initialize the 
cluster (this seems to be the practice in older versions before, too). This 
caused the whole postgres startup to fail, since 8.4 refuses to accept such 
a line anymore.

Beside the fact that this is primarily the packagers fault, I wonder wether 
we should install an additional check in initdb.c against the requested 
authmethod to check against such a usage. It seems too easy to break an 
installation with a formerly common usage practice.
       Bernd


Re: initdb auth method option and "ident sameuser"

From
Tom Lane
Date:
Bernd Helmle <bernd@oopsware.de> writes:
> I recently got a complaint from an OpenSuSE user, which had problems using 
> PostgreSQL 8.4 installed by a broken RPM from build service. The init 
> script used initdb --auth="ident sameuser" accidentally, to initialize the 
> cluster (this seems to be the practice in older versions before, too). This 
> caused the whole postgres startup to fail, since 8.4 refuses to accept such 
> a line anymore.

> Beside the fact that this is primarily the packagers fault, I wonder wether 
> we should install an additional check in initdb.c against the requested 
> authmethod to check against such a usage. It seems too easy to break an 
> installation with a formerly common usage practice.

It doesn't seem very practical to have initdb validate that argument
fully.  I think partial validation is worse than none, so I'd prefer
to leave it alone.

In any case, having initdb error out there wouldn't be a lot better from
the user's standpoint than having the initdb succeed and then startup
fail.  In a lot of cases, people are going to be inserting custom
pg_hba.conf files anyhow as soon as they've finished initdb; in those
cases, having a failure there would just be useless pedantry.
        regards, tom lane