From: | "Nigel J(dot) Andrews" <nandrews(at)investsystems(dot)co(dot)uk> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | pgsql-hackers(at)postgresql(dot)org, Jon Jenson <jon(at)endpoint(dot)com> |
Subject: | Re: host and hostssl equivalence in pg_hba.conf |
Date: | 2003-06-10 13:57:06 |
Message-ID: | Pine.LNX.4.21.0306101451590.2332-100000@ponder.fairway2k.co.uk |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general pgsql-hackers |
On Tue, 10 Jun 2003, Tom Lane wrote:
> "Nigel J. Andrews" <nandrews(at)investsystems(dot)co(dot)uk> writes:
> > How do people feel about changing matching for host and hostssl to be such that
> > a plain host line in pg_hba.conf does not allow a SSL connection but requires
> > the hostssl specifier?
>
> Then there would be no way to have a host entry that allowed both ---
> which, aside from being a loss of functionality, would doubtless break
> existing setups.
Well, what I was thinking of would have allowed it, just using two entries, a
host one and a hostssl one.
> I'd hold still for a "hostnossl" keyword, I guess, but I don't entirely
> see the use for it.
Well Jon Jenson's posted something else on this which I should read when I've
got my mind more in tune with it.
> If your real gripe is that libpq insists on trying SSL connections
> first, the server is the wrong end to be patching that problem at.
> There should be a way to control libpq's allow_ssl_try state variable
> from the outside.
A quick read makes me think that's what Jon's post is on about.
--
Nigel Andrews
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2003-06-10 14:11:00 | Re: host and hostssl equivalence in pg_hba.conf |
Previous Message | Bruno Wolff III | 2003-06-10 13:52:20 | Re: Pg_dumpall |
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2003-06-10 14:11:00 | Re: host and hostssl equivalence in pg_hba.conf |
Previous Message | Patrick Macdonald | 2003-06-10 13:48:29 | Re: Returning to the List |