Just needed clarification on how pg_hba.conf operates.
Does a specific host take precedence over a more general network setting?
The local socket is only accessible to a certain group, but I don't want
the overhead of SSL for loopback connections. If I connect to the server
from the local machine, the connections show up as (eg) 10.2.3.4, the NIC
ip.
I was hoping the more specific 'host' entry would take entry over the universal
'hostssl' entry, but it does'nt seem to...
I have this:
root@eris:postgresql80-server$ cat /opt/pgsql/data/pg_hba.conf
# TYPE DATABASE USER IP-ADDRESS METHOD
local all all trust
host all all 10.2.3.4/32 md5
hostssl all all 0.0.0.0/0 md5
Is there a way to say 'all IP traffic should be encrypted except one IP' that
I'm missing?
I know I could just add the local process into the dba group, but the app doesn't
reconnect if the socket goes away on a db restart, so that's not ideal...
--
'That question was less stupid; though you asked it in a profoundly stupid way.'
-- Prof. Farnsworth
Rasputin :: Jack of All Trades - Master of Nuns