Thread: separate initdb -A options for local and host

separate initdb -A options for local and host

From

Peter Eisentraut

Date:

25 November 2011, 22:20:27

I think it would be useful to have separate initdb -A options for local
and host entries.  In 9.1, we went out of our way to separate the "peer"
and "ident" methods, but we have moved the confusion into the initdb -A
option, where "ident" sometimes means "peer", and "peer" sometimes means
"ident".  Moreover, having separate options would allow what I think
would be a far more common use case, namely having local "peer" and host
something other than "ident", such as "md5".

I'm thinking, we could keep the existing -A option, but add long options
such as --auth-local and --auth-host, to specify more detail.

Re: separate initdb -A options for local and host

From

Peter Eisentraut

Date:

14 January 2012, 21:19:09

On lör, 2011-11-26 at 01:20 +0200, Peter Eisentraut wrote:
> I think it would be useful to have separate initdb -A options for local
> and host entries.  In 9.1, we went out of our way to separate the "peer"
> and "ident" methods, but we have moved the confusion into the initdb -A
> option, where "ident" sometimes means "peer", and "peer" sometimes means
> "ident".  Moreover, having separate options would allow what I think
> would be a far more common use case, namely having local "peer" and host
> something other than "ident", such as "md5".
>
> I'm thinking, we could keep the existing -A option, but add long options
> such as --auth-local and --auth-host, to specify more detail.

Here is a patch that implements exactly that.

Attachment

initdb-auth-options.patch

Re: separate initdb -A options for local and host

From

Robert Haas

Date:

16 January 2012, 01:26:44

On Sat, Jan 14, 2012 at 5:18 PM, Peter Eisentraut <peter_e@gmx.net> wrote:
> On lör, 2011-11-26 at 01:20 +0200, Peter Eisentraut wrote:
>> I think it would be useful to have separate initdb -A options for local
>> and host entries.  In 9.1, we went out of our way to separate the "peer"
>> and "ident" methods, but we have moved the confusion into the initdb -A
>> option, where "ident" sometimes means "peer", and "peer" sometimes means
>> "ident".  Moreover, having separate options would allow what I think
>> would be a far more common use case, namely having local "peer" and host
>> something other than "ident", such as "md5".
>>
>> I'm thinking, we could keep the existing -A option, but add long options
>> such as --auth-local and --auth-host, to specify more detail.
>
> Here is a patch that implements exactly that.

I reviewed this patch.  It looks OK to me.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company