On 02.07.2012 15:08, Amit Kapila wrote:
Attached is a Patch to change the parsing of pg_ident.conf to make it
similar to pg_hba.conf.
This is based on Todo Item:
http://archives.postgresql.org/pgsql-hackers/2011-06/msg02204.php
Purpose - This will allow to catch syntax errors in pg_ident at the startup
or reload time.
Changes are described as follows:
a. Make the load_ident() functionality same as load_hba, such that it
cleans the previous context, after successful parsing.
b. Change the load_ident(), so that parsing can be done during load
time and the parsed lines are saved.
c. Change the functionality of parse_ident_usermap() so that parsing is
not done during authentication.
d. If load_ident() fails for parsing, it returns false and error is
issued.
Looks good to me, committed with some small cleanup.
This point I am not sure, as for pg_hba failure it issues FATAL at
startup. Currently I have kept error handling for load of pg_ident same as
pg_hba
I think we should be more lenient with pg_ident.conf, and behave as if
the file was empty. That is the old behavior, and it seems sensible. You
can still connect using an authentication method that doesn't use
pg_ident.conf, but if pg_hba.conf is missing, you cannot log in at all.
Thanks!
- Heikki
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
