Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-26 Thread Dickson S. Guedes
On Thu, Jun 26, 2008 at 6:04 PM, Josh Berkus <[EMAIL PROTECTED]> wrote: > On Wednesday 25 June 2008 17:52, Dickson S. Guedes wrote: >> Thanks for all your suggestions, use cases and opinions about this >> thread, I saw that there are more things to consider than I was >> thinking and this makes me c

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-26 Thread Josh Berkus
On Wednesday 25 June 2008 17:52, Dickson S. Guedes wrote: > Thanks for all your suggestions, use cases and opinions about this > thread, I saw that there are more things to consider than I was > thinking and this makes me consider that it is hard work to do for > now. Huh? You should get started

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-25 Thread Dickson S. Guedes
Thanks for all your suggestions, use cases and opinions about this thread, I saw that there are more things to consider than I was thinking and this makes me consider that it is hard work to do for now. -- []s Dickson S. Guedes - Projeto Colmeia - Curitiba - P

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-16 Thread Stephen Frost
* Andrew Sullivan ([EMAIL PROTECTED]) wrote: > On Mon, Jun 16, 2008 at 11:47:21AM +0200, Peter Eisentraut wrote: > > I'm a bit curious how useful in practice this would actually be. > > Obviously, > > you want to use host names to simplify the management of hosts, currently > > being done with

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-16 Thread Andrew Sullivan
On Mon, Jun 16, 2008 at 11:47:21AM +0200, Peter Eisentraut wrote: > I'm a bit curious how useful in practice this would actually be. Obviously, > you want to use host names to simplify the management of hosts, currently > being done with IP addresses. But how widely useful is it really to > a

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-16 Thread Peter Eisentraut
On Thursday, 12 June 2008, Dickson S. Guedes wrote: > There is a TODO Item to allow pg_hba.conf to specify host names along > with IP addresses. I'm a bit curious how useful in practice this would actually be. Obviously, you want to use host names to simplify the management of hosts, current

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-16 Thread Peter Eisentraut
On Monday, 16 June 2008, Andrew Sullivan wrote: > Since that's possibly about to go to IETF last > call, it'd be a good time for someone planning to implement something > to look at that document, and report on whether it provides any useful > guidance at all.  I'd be keenly interested in hearing

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-16 Thread Andrew Sullivan
On Sun, Jun 15, 2008 at 11:56:35PM +0200, Peter Eisentraut wrote: > It would probably be a good idea to check how other programs deal with > hostname lookups during authentication. Programs like SSH, Apache, and Squid > come to mind. There is actually a great deal of controversy about most of

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-16 Thread Andrew Sullivan
On Sun, Jun 15, 2008 at 11:53:57PM +0200, Peter Eisentraut wrote: > > Isn't that what a local DNS caching-only server would accomplish? Only if you looked up the DNS name at auth time :) A -- Andrew Sullivan [EMAIL PROTECTED] +1 503 667 4564 x104 http://www.commandprompt.com/

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-15 Thread Simon Riggs
On Fri, 2008-06-13 at 22:38 -0400, Andrew Sullivan wrote: > If you don't look up > at _least_ at connection time, this feature should be rejected on the > grounds that it opens a new authentication hole a mile wide. That seems conclusive to me. -- Simon Riggs www.2ndQuadrant.com

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-15 Thread Peter Eisentraut
Dickson S. Guedes wrote: > SSH uses an approach like that. It would probably be a good idea to check how other programs deal with hostname lookups during authentication. Programs like SSH, Apache, and Squid come to mind.

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-15 Thread Peter Eisentraut
Alvaro Herrera wrote: > Perhaps the solution to this problem is to do the lookups and store the > TTL of each answer.  At the time of actually checking you need only get > a new answer for those that expired. Isn't that what a local DNS caching-only server would accomplish?

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-15 Thread Andreas 'ads' Scherbaum
On Fri, 13 Jun 2008 16:14:13 -0400 Alvaro Herrera wrote: > Andrew Sullivan wrote: > > > This is because DNS RRs have a TTL on them, so looking up the host at > > any moment other than when you're actually doing the authentication is > > prone to error. > > Perhaps the solution to this problem is

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-13 Thread Andrew Sullivan
On Fri, Jun 13, 2008 at 08:51:19PM +0100, Simon Riggs wrote: > The best of both ideas would be to have an option inside pg_hba.conf to > indicate when lookup occurs. Some parts of a network are static, others > are not, so a global option would not be useful. We would point and laugh at people wh

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-13 Thread Andrew Dunstan
Tom Lane wrote: > Alvaro Herrera <[EMAIL PROTECTED]> writes: >> Perhaps the solution to this problem is to do the lookups and store the TTL of each answer. At the time of actually checking you need only get a new answer for those that expired. > This is not behavior we'd want to put into t

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-13 Thread Tom Lane
Alvaro Herrera <[EMAIL PROTECTED]> writes: > Perhaps the solution to this problem is to do the lookups and store the > TTL of each answer. At the time of actually checking you need only get > a new answer for those that expired. This is not behavior we'd want to put into the postmaster, though, a

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-13 Thread Alvaro Herrera
Andrew Sullivan wrote: > This is because DNS RRs have a TTL on them, so looking up the host at > any moment other than when you're actually doing the authentication is > prone to error. Perhaps the solution to this problem is to do the lookups and store the TTL of each answer. At the time of act

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-13 Thread Dickson S. Guedes
On Fri, Jun 13, 2008 at 4:30 PM, Tom Lane <[EMAIL PROTECTED]> wrote: > Andrew Dunstan <[EMAIL PROTECTED]> writes: >> The reason it wasn't done years ago was that there was disagreement on >> the way it should work. And the TODO actually lists several alternatives: > > IIRC, the major reason there w

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-13 Thread Simon Riggs
On Fri, 2008-06-13 at 13:26 -0400, Andrew Sullivan wrote: > On Fri, Jun 13, 2008 at 12:47:22PM -0400, Andrew Dunstan wrote: > > The reason it wasn't done years ago was that there was disagreement on the > > way it should work. And the TODO actually lists several alternatives: > > > >Host name

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-13 Thread Tom Lane
Andrew Dunstan <[EMAIL PROTECTED]> writes: > The reason it wasn't done years ago was that there was disagreement on > the way it should work. And the TODO actually lists several alternatives: IIRC, the major reason there was disagreement was the prospect of unacceptable performance from any of th

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-13 Thread Andrew Sullivan
On Fri, Jun 13, 2008 at 12:47:22PM -0400, Andrew Dunstan wrote: > The reason it wasn't done years ago was that there was disagreement on the > way it should work. And the TODO actually lists several alternatives: > >Host name lookup could occur when the postmaster reads the >pg_hba.conf fi

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-13 Thread Andrew Dunstan
Bruce Momjian wrote: > Dickson S. Guedes wrote: >> Hi all, There is a TODO Item to allow pg_hba.conf to specify host names along with IP addresses. I'd like to work on this feature, if nobody is working too and no objection exists. > Please do --- I know of no one working on that. Th

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-13 Thread Bryce Nesbitt
On Jun 12, 2008, at 12:25 PM, Bruce Momjian wrote: > Dickson S. Guedes wrote: >> Hi all, There is a TODO Item to allow pg_hba.conf to specify host names along with IP addresses. I'd like to work on this feature, if nobody is working too and no objection exists. > Please do --- I know of no one wo

Re: [HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-12 Thread Bruce Momjian
Dickson S. Guedes wrote: > Hi all, > > There is a TODO Item to allow pg_hba.conf to specify host names along > with IP addresses. > > I'd like to work on this feature, if nobody is working too and no > objection exists. Please do --- I know of no one working on that. -- Bruce Momjian <[EMAI

[HACKERS] TODO Item: Allow pg_hba.conf to specify host names along with IP addresses

2008-06-12 Thread Dickson S. Guedes
Hi all, There is a TODO Item to allow pg_hba.conf to specify host names along with IP addresses. I'd like to work on this feature, if nobody is working too and no objection exists. Thanks. -- []s Dickson S. Guedes - Projeto Colmeia - Curitiba - PR +55 (41) 32