| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Kevin Grittner <Kevin(dot)Grittner(at)wicourts(dot)gov> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: host name support in pg_hba.conf |
| Date: | 2010-08-09 19:29:49 |
| Message-ID: | 20100809192949.GB26232@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Kevin Grittner (Kevin(dot)Grittner(at)wicourts(dot)gov) wrote:
> > The client's IP address (known from the kernel)
>
> Some machines have several IP addresses; how is that handled?
Sounds like he already described it, or I read it wrong. The fact that
some machines have several IP addresses hardly matters- whatever IP is
used to connect to PG is what gets the reverse DNS lookup. That then
returns a host. That host is then looked up, and as long as *one* of
the IPs associated with that host matches the IP of the connector, it's
good to go.
> > is reverse looked up, which results in a host name.
>
> Some IP addresses have several host names, including in reverse
> lookup; how is that handled?
Yeahhhh... That's just busted, imnsho. But then, that's probably
because it breaks Kerberos too. :)
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2010-08-09 20:02:12 | Re: security label support, part.2 |
| Previous Message | Markus Wanner | 2010-08-09 19:27:24 | Re: dynamically allocating chunks from shared memory |