On 9/15/15 1:48 AM, Ben Chobot wrote:
> We're in a situation where we would like to take advantage of the pgpass
> hostname field to determine which password gets used. For example:
>
> psql -h prod-server -d foo # should use the prod password
> psql -h beta-server -d foo # should use the beta password
>
> This would *seem* to be simple, just put "prod-server" or "beta-server" into
> the hostname field of .pgpass. But if somebody uses the FQDN of those hosts,
> then the line does not match. If somebody uses the IP address of those hosts,
> again, no match. It seems that the hostname must match the hostname *exactly*
> - or match any host ("*"), which does not work for our use case.
>
> This seems to make the hostname field unnecessarily inflexible. Has anybody
> else experienced - and hopefully overcome - this pain? Maybe I'm just going
> about it all wrong.
The alternative would be to do a double host name resolution before
every connection that asks for a password, which would probably also
have some concerns.
I note, for example, that the OpenSSH configuration also goes by the
host name as you wrote it, and then has additional options to
canonicalize host names. That might be something to look into.
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
