Andrew Dunstan wrote:
Andreas Pflug said:This doesn't look consistent to me. Local addresses can be all addresses that the host's interfaces are currently configured with, loopback is nothing special in this sense. The admin can easily do 'ifconfig' to see all addresses configured and enter them into pg_hba.conf, because these addresses are obvious.
Tommi Maekitalo wrote:
*nod* but it would be nicer if all loopback interfaces worked by default - hence my localhost suggestion, which would match any of
127.0.0.1/32
::ffff:127.0.0.1/128 and ::1/128
... That sounds good. Is it possible to extend lookup that way?
I'd feel a bit uncomfortable making ::1/128 from 127.0.0.1/32 because it's not converting the same address from one format into another, but a completely different address. Extending "local" to accept all local tcpip addresses would fit better.
I agree. The only automatic mapping in host* lines should be from p.q.r.s/n to ::ffff:p.q.r.s/n+96. Loopback interfaces are special and should be treated separately from the general case, which is what I propose to do.
We currently have this in the default pg_hba.conf file:
host all all 127.0.0.1 255.255.255.255 trust
The idea was to have something which would perform equivalently on IP4 only, IP4 over IP6 and pure IP6 connections, without breaking the postmaster host in any of them.
It is perfectly true that it could be mangled by the administrator - this would save him/her having to do so for the default case. In my proposal you would replace this default line with:
loopback all all trust
It's the fact that it is the default that makes it special. Does that make things clearer?
cheers
andrew
---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
