Re: BUG #4330: Bonjour connections ignore hba config METHOD and always trusted

[William Kyngesburye <kyngchaos(at)kyngchaos(dot)com>]

On Jul 28, 2008, at 3:35 PM, Tom Lane wrote:

> "William Kyngesburye" <kyngchaos(at)kyngchaos(dot)com> writes:
> > When connection with the Bonjour name of the postgres server, it  
> > ignores the
> > md5 setting and always trusts the connection.  I tried with other  
> > auth
> > methods with the same effect.
>
> What exactly have you got in pg_hba.conf?
>
> AFAIK there is no such thing as a "Bonjour connection"; Bonjour just
> provides a means for the server to advertise its IP address.  I
> speculate that what it's advertising is a port that you have  
> configured
> to be trusted.
>
> 			regards, tom lane


The default:

# "local" is for Unix domain socket connections only
local   all         all                               trust
# IPv4 local connections:
host    all         all         127.0.0.1/32          trust
# IPv6 local connections:
host    all         all         ::1/128               trust

and:

host  all  somerole  192.168.1.0/24  md5


the local unix and local tcp lines aren't catching the connection - if  
I remove my added connection, all external connections fail, as  
expected.  And I tried reording it so my addition is first, but a  
bonjour connection is still trusted.

I realize that bonjour just supplies IP info to the client.  I too  
find it strange that the server would see the connection differently.

-----
William Kyngesburye <kyngchaos*at*kyngchaos*dot*com>
http://www.kyngchaos.com/

"Time is an illusion - lunchtime doubly so."

- Ford Prefect