On Sep 15, 2015, at 12:27 AM, Jim Nasby <Jim.Nasby@BlueTreble.com> wrote:
>
> On 9/15/15 12:48 AM, Ben Chobot wrote:
>> We're in a situation where we would like to take advantage of the pgpass hostname field to determine which password
getsused. For example:
>>
>> psql -h prod-server -d foo # should use the prod password
>> psql -h beta-server -d foo # should use the beta password
>>
>> This would *seem* to be simple, just put "prod-server" or "beta-server" into the hostname field of .pgpass. But if
somebodyuses the FQDN of those hosts, then the line does not match. If somebody uses the IP address of those hosts,
again,no match. It seems that the hostname must match the hostname *exactly* - or match any host ("*"), which does not
workfor our use case.
>>
>> This seems to make the hostname field unnecessarily inflexible. Has anybody else experienced - and hopefully
overcome- this pain? Maybe I'm just going about it all wrong.
>
> I don't know of a way around that, but you might be better off using SSL certs to authenticate. I believe there's
evensomething similar to ssh-keychain that would allow you not to store the passphrase on-disk (though you would have
toenter it manually on reboot).
Does that solve the "different passwords for different servers" problem, or just the "password on disk" problem?