On Tue, Nov 17, 2015 at 9:37 AM, Peter Eisentraut <pete...@gmx.net> wrote:
> On 11/16/15 2:37 AM, Haribabu Kommi wrote:
>> On Mon, Nov 16, 2015 at 2:30 PM, Peter Eisentraut <pete...@gmx.net> wrote:
>>> On 7/21/15 5:15 AM, Haribabu Kommi wrote:
>>>> With the output of this view, administrator can identify the lines
>>>> that are matching for the given
>>>> criteria easily without going through the file.
>>> How is this useful?  I could see the use if you want to debug cases of
>>> user foo on host bar says they can't connect, but you can't impersonate
>>> them to verify it.  But then all you need is a function with a scalar
>>> result, not a result set.
>> Do you mean the function should return true or false based on the connection
>> status with the provided arguments?
>> I also feel difficult to understand the function result as compared to a 
>> view.
> An hba lookup is essentially a lookup by user name, database name,
> client address, yielding an authentication method (possibly with
> parameters).  So I think this function should work that way as well:
> arguments are user name, database name, and so on, and the return value
> is an authentication method.  Maybe it would be some kind of record,
> with line number and some parameters.
> That would address the use case I put forth above.  I don't know whether
> that's what you were going for.

Thanks. Here I attached the poc patch that returns authentication method of the
first matched hba entry in pg_hba.conf with the given input values.
Currently these
functions returns text type. Based on the details required to be
printed, it can
be changed.

postgres=# select pg_hba_lookup('all', 'all');
(1 row)

comments for the approach?

Hari Babu
Fujitsu Australia

Attachment: pg_hba_lookup_poc_v2.patch
Description: Binary data

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to