Re: Thoughts on pg_hba.conf rejection
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Robert Haas <robertmhaas@gmail.com>, Alvaro Herrera <alvherre@commandprompt.com>, Simon Riggs <simon@2ndquadrant.com>, Stephen Frost <sfrost@snowman.net>, Bruce Momjian <bruce@momjian.us>, Aidan Van Dyk <aidan@highrise.ca>, Joshua Tolley <eggyknap@gmail.com>, pgsql-hackers@postgresql.org
Date: 2010-04-20T14:19:45Z
Lists: pgsql-hackers
I wrote: > Actually, while I'm looking at that code, a more immediate TODO is > "fix walsender". Somebody has inserted an absolutely flight-of-fantasy > code path into InitPostgres. (Hint: template1 can be dropped. > ESPECIALLY when you're deliberately not taking any lock on it.) Now that I look more closely, it seems what we have actually got there is an incorrect attempt to solve the problem of authenticating without selecting any particular database. So we could solve both this and the original complaint in the thread if we can arrange for all authentication to be done on the basis of shared-catalog access under rules similar to what the AV launcher does with pg_database. At a minimum that will require marking the pg_auth catalogs as BKI_SCHEMA_MACRO, but that's far less painful than it used to be. I don't recall what other consequences there are, but will go looking. regards, tom lane