Re: Indent authentication overloading

Magnus Hagander <magnus@hagander.net>

From: Magnus Hagander <magnus@hagander.net>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2010-11-17T15:43:00Z
Lists: pgsql-hackers
On Wed, Nov 17, 2010 at 16:39, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Magnus Hagander <magnus@hagander.net> writes:
>> Currently, we overload "indent" meaning both "unix socket
>> authentication" and "ident over tcp", depending on what type of
>> connection it is. This is quite unfortunate - one of them being one of
>> the most secure options we have, the other one being one of the most
>> *insecure* ones (really? ident over tcp? does *anybody* use that
>> intentionally today?)
>
>> Should we not consider naming those two different things?
>
> Maybe, but it seems like the time to raise the objection was six or
> eight years ago :-(.  Renaming now will do little except to introduce
> even more confusion.

For existing users, yes.
For new users, no.

I certainly get comments on it pretty much every time I do training
that includes explaining pg_hba options.

The question is if it's worth confusing our existing users a little,
at the advantage of not confusing new users. We could of course also
just drop ident-over-tcp completely, but there might be some poor guy
out there who actually *uses* it :-)

And I agree it would've been much better to do it years ago. That
doesn't mean we shouldn't at least *consider* doing it at some point.

-- 
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/