Re: Indent authentication overloading

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Indent authentication overloading
Date: 2011-03-14 13:43:05
Message-ID: AANLkTi=np-czrTxAtvzJyAhSOYcJ2O0BxjdZzrgpMkLv@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Mon, Mar 14, 2011 at 5:18 AM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> On Fri, Mar 11, 2011 at 15:36, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
>> On tor, 2011-03-10 at 22:45 +0100, Magnus Hagander wrote:
>>> On Thu, Mar 10, 2011 at 22:22, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
>>> >
>>> > Added to TODO:
>>> >
>>> >        Rename unix domain socket 'ident' connections to 'peer', to avoid
>>> >        confusion with TCP 'ident'
>>>
>>> Should we consider adding "peer" as an alias for "ident" already in
>>> 9.1 (and change the default pg_hba.conf template), and then deprecate
>>> ident for 9.2 and remove it in 9.3 or something? By adding the alias
>>> now (yes, I know it's not in the last CF :P), we can move what's going
>>> to be a long process up one release...
>>
>> Might as well, if you can get it done soon.  The documentation might
>> need more extensive adjustments.
>
> The code itself is pretty easy and localized, AFAICT. Attached is a
> patch taht implements "peer" for local connections, and automatically
> maps "ident" on local sockets to that (with a log message saying it
> did).
>
> If people want this to go in, I'll go over the documentation as well -
> as you say, that might need some more changes, but we're not as
> time-critical on that (meaning we can keep polishing it through beta).
>
> Also, I'd like to get around to making "initdb -A ident" automatically
> put "peer" for local sockets as well, which is not included in this
> patch but should be a very simple change.
>
> So. Thoughts?

The log message is an absolute non-starter. You're going to get that
on every backend startup on Windows, I believe.

Also, the text is not accurate: nothing has been automatically changed
to anything. The pg_hba.conf file is just as it was. You could say
something like "ident" authentication on local socket treated as
"peer", but I think a better idea would be to just remove this message
altogether. I see zero reason to force someone who has a pg_hba.conf
file that they have been using for years and are happy with to make
trivial changes to it on our account, and I'd be perfectly happy to
silently treat ident on a local socket as peer forever, while gently
encouraging the use of the newer term in our documentation.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Magnus Hagander 2011-03-14 13:45:26 Re: Indent authentication overloading
Previous Message Robert Haas 2011-03-14 13:33:19 Re: Shared invalidation cache messages for temporary tables