On 2/3/17 17:47, Michael Paquier wrote: > On Fri, Feb 3, 2017 at 4:59 AM, Simon Riggs <si...@2ndquadrant.com> wrote: >>> It's weirdly inconsistent now. You need a "replication" line in >>> pg_hba.conf to connect for logical decoding, but you can't restrict that >>> to a specific database because the database column in pg_hba.conf is >>> occupied by the "replication" key word. >> Agreed. Change needed. > That sounds really apealling indeed after thinking about its > implications. So we would simply authorize a WAL sender sending > "replication" to connect if the user name matches. That's in short > check_db() in hba.c.
In <https://www.postgresql.org/message-id/7a33990f-75b1-5a4f-e7c0-223e15b84...@2ndquadrant.com> patch 0006 it is proposed to no longer use the "replication" keyword in pg_hba.conf for logical replication and use the normal database entries instead. However, I don't think we can reasonably get rid of the replication keyword for physical replication. Say if you have a pg_hba.conf like host db1 someusers ... host db2 someusers ... host db3 someusers ... how would you decide access for physical replication? Since physical replication is not to a database, you need a way to call it out separately if your pg_hba.conf style is to enumerate databases. What we could do to make things simpler is to include "replication" in the "all" keyword. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers