Bruce Momjian wrote: > Magnus Hagander wrote: >> Magnus Hagander wrote: >> >> [about the ability to use different maps for ident auth, gss and krb >> auth for example] >> >>>>>> It wouldn't be very easy/clean to do that w/o breaking the existing >>>>>> structure of pg_ident though, which makes me feel like using seperate >>>>>> files is probably the way to go. >> Actually, I may have to take that back. We already have support for >> multiple maps in the ident file, I'm not really sure anymore of the case >> where this wouldn't be enough :-) >> >> That said, I still think we want to parse pg_hba in the postmaster, >> because it allows us to not load known broken files, and show errors >> when you actually change the file etc. ;-) >> >> I did code up a POC patch for it, and it's not particularly hard to do. >> Mostly it's just moving the codepath from the backend to the postmaster. >> I'll clean it up a but and post it, just so ppl can see what it looks >> like... > > To address Magnus' specific question, right now we store the pg_hba.conf > tokens as strings in the postmaster. I am fine with storing them in a > more native format and throwing errors for values that don't convert. > What would concern me is calling lots of 3rd party libraries from the > postmaster to validate items.
If I was unclear about that, that part was never part of what I proposed. I'm only talking aobut parsing the syntax. The only external calls in the code there now is the getaddrinfo calls to convert the IPs, IIRC. //Magnus -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
