On Wednesday 25 June 2008 17:52, Dickson S. Guedes wrote:
Thanks for all yours suggestions, use cases and opinion about this
thread, I saw that there are more things to consider than I was
thinking and this make me consider that it is a hard work to do for
now.
Huh? You should get started on
On Thu, Jun 26, 2008 at 6:04 PM, Josh Berkus [EMAIL PROTECTED] wrote:
On Wednesday 25 June 2008 17:52, Dickson S. Guedes wrote:
Thanks for all yours suggestions, use cases and opinion about this
thread, I saw that there are more things to consider than I was
thinking and this make me consider
Thanks for all yours suggestions, use cases and opinion about this
thread, I saw that there are more things to consider than I was
thinking and this make me consider that it is a hard work to do for
now.
--
[]s
Dickson S. Guedes
-
Projeto Colmeia - Curitiba -
On Sun, Jun 15, 2008 at 11:53:57PM +0200, Peter Eisentraut wrote:
Isn't that what a local DNS caching-only server would accomplish?
Only if you looked up the DNS name at auth time :)
A
--
Andrew Sullivan
[EMAIL PROTECTED]
+1 503 667 4564 x104
http://www.commandprompt.com/
--
Sent via
On Sun, Jun 15, 2008 at 11:56:35PM +0200, Peter Eisentraut wrote:
It would probably be a good idea to check how other programs deal with
hostname lookups during authentication. Programs like SSH, Apache, and Squid
come to mind.
There is actually a great deal of controversy about most of
Am Montag, 16. Juni 2008 schrieb Andrew Sullivan:
Since that's possibly about to go to IETF last
call, it'd be a good time for someone planning to implement something
to look at that document, and report on whether it provides any useful
guidance at all. I'd be keenly interested in hearing
Am Donnerstag, 12. Juni 2008 schrieb Dickson S. Guedes:
There is a TODO Item to allow pg_hba.conf to specify host names along
with IP addresses.
I'm a bit curious how useful in practice this would actually be. Obviously,
you want to use host names to simplify the management of hosts,
On Mon, Jun 16, 2008 at 11:47:21AM +0200, Peter Eisentraut wrote:
I'm a bit curious how useful in practice this would actually be. Obviously,
you want to use host names to simplify the management of hosts, currently
being done with IP addresses. But how widely useful is it really to
* Andrew Sullivan ([EMAIL PROTECTED]) wrote:
On Mon, Jun 16, 2008 at 11:47:21AM +0200, Peter Eisentraut wrote:
I'm a bit curious how useful in practice this would actually be.
Obviously,
you want to use host names to simplify the management of hosts, currently
being done with IP
On Fri, 13 Jun 2008 16:14:13 -0400 Alvaro Herrera wrote:
Andrew Sullivan wrote:
This is because DNS RRs have a TTL on them, so looking up the host at
any moment other than when you're actually doing the authentication is
prone to error.
Perhaps the solution to this problem is to do
Alvaro Herrera wrote:
Perhaps the solution to this problem is to do the lookups and store the
TTL of each answer. At the time of actually checking you need only get
a new answer for those that expired.
Isn't that what a local DNS caching-only server would accomplish?
--
Sent via
Dickson S. Guedes wrote:
SSH uses an approach like that.
It would probably be a good idea to check how other programs deal with
hostname lookups during authentication. Programs like SSH, Apache, and Squid
come to mind.
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To
On Fri, 2008-06-13 at 22:38 -0400, Andrew Sullivan wrote:
If you don't look up
at _least_ at connection time, this feature should be rejected on the
grounds that it opens a new authentication hole a mile wide.
That seems conclusive to me.
--
Simon Riggs www.2ndQuadrant.com
On Jun 12, 2008, at 12:25 PM, Bruce Momjian wrote:
Dickson S. Guedes wrote:
Hi all,
There is a TODO Item to allow pg_hba.conf to specify host names along
with IP addresses.
I'd like to work on this feature, if nobody is working too and no
objection exists.
Please do --- I know of no one
Bruce Momjian wrote:
Dickson S. Guedes wrote:
Hi all,
There is a TODO Item to allow pg_hba.conf to specify host names along
with IP addresses.
I'd like to work on this feature, if nobody is working too and no
objection exists.
Please do --- I know of no one working on that.
On Fri, Jun 13, 2008 at 12:47:22PM -0400, Andrew Dunstan wrote:
The reason it wasn't done years ago was that there was disagreement on the
way it should work. And the TODO actually lists several alternatives:
Host name lookup could occur when the postmaster reads the
pg_hba.conf file,
Andrew Dunstan [EMAIL PROTECTED] writes:
The reason it wasn't done years ago was that there was disagreement on
the way it should work. And the TODO actually lists several alternatives:
IIRC, the major reason there was disagreement was the prospect of
unacceptable performance from any of the
On Fri, 2008-06-13 at 13:26 -0400, Andrew Sullivan wrote:
On Fri, Jun 13, 2008 at 12:47:22PM -0400, Andrew Dunstan wrote:
The reason it wasn't done years ago was that there was disagreement on the
way it should work. And the TODO actually lists several alternatives:
Host name lookup
On Fri, Jun 13, 2008 at 4:30 PM, Tom Lane [EMAIL PROTECTED] wrote:
Andrew Dunstan [EMAIL PROTECTED] writes:
The reason it wasn't done years ago was that there was disagreement on
the way it should work. And the TODO actually lists several alternatives:
IIRC, the major reason there was
Andrew Sullivan wrote:
This is because DNS RRs have a TTL on them, so looking up the host at
any moment other than when you're actually doing the authentication is
prone to error.
Perhaps the solution to this problem is to do the lookups and store the
TTL of each answer. At the time of
Alvaro Herrera [EMAIL PROTECTED] writes:
Perhaps the solution to this problem is to do the lookups and store the
TTL of each answer. At the time of actually checking you need only get
a new answer for those that expired.
This is not behavior we'd want to put into the postmaster, though,
and
Tom Lane wrote:
Alvaro Herrera [EMAIL PROTECTED] writes:
Perhaps the solution to this problem is to do the lookups and store the
TTL of each answer. At the time of actually checking you need only get
a new answer for those that expired.
This is not behavior we'd want to put into
On Fri, Jun 13, 2008 at 08:51:19PM +0100, Simon Riggs wrote:
The best of both ideas would be to have an option inside pg_hab.conf to
indicate when lookup occurs. Some parts of a network are static, others
are not, so a global option would not be useful.
We would point and laugh at people who
Hi all,
There is a TODO Item to allow pg_hba.conf to specify host names along
with IP addresses.
I'd like to work on this feature, if nobody is working too and no
objection exists.
Thanks.
--
[]s
Dickson S. Guedes
-
Projeto Colmeia - Curitiba - PR
+55 (41)
Dickson S. Guedes wrote:
Hi all,
There is a TODO Item to allow pg_hba.conf to specify host names along
with IP addresses.
I'd like to work on this feature, if nobody is working too and no
objection exists.
Please do --- I know of no one working on that.
--
Bruce Momjian [EMAIL
25 matches
Mail list logo