Andreas Pflug wrote:
> Andrew Dunstan wrote:
>
>> Andreas Pflug said:
>>
>>
>>> Tommi Maekitalo wrote:
>>>
>>>
>>>
>>>>> *nod* but it would be nicer if all loopback interfaces worked by
>>>>> default - hence my localhost suggestion, which would match any of
>>>>>
>>>>> 127.0.0.1/32
>>>>>
>>>>> ::ffff:127.0.0.1/128 and
>>>>> ::1/128
>>>>>
>>>>>
>>>>
>>>> ...
>>>> That sounds good. Is it possible to extend lookup that way?
>>>>
>>>>
>>>
>>> I'd feel a bit uncomfortable making ::1/128 from 127.0.0.1/32 because
>>> it's not converting the same address from one format into another, but
>>> a completely different address.
>>> Extending "local" to accept all local tcpip addresses would fit better.
>>>
>>>
>>
>>
>> I agree. The only automatic mapping in host* lines should be from
>> p.q.r.s/n to ::ffff:p.q.r.s/n+96. Loopback interfaces are special and
>> should be treated separately from the general case, which is what I
>> propose to do.
>>
> This doesn't look consistent to me. Local addresses can be all
> addresses that the host's interfaces are currently configured with,
> loopback is nothing special in this sense. The admin can easily do
> 'ifconfig' to see all addresses configured and enter them into
> pg_hba.conf, because these addresses are obvious.
We currently have this in the default pg_hba.conf file:
host all all 127.0.0.1 255.255.255.255 trust
The idea was to have something which would perform equivalently on IP4
only, IP4 over IP6 and pure IP6 connections, without breaking the
postmaster host in any of them.
It is perfectly true that it could be mangled by the administrator -
this would save him/her having to do so for the default case. In my
proposal you would replace this default line with:
loopback all all trust
It's the fact that it is the default that makes it special. Does that
make things clearer?
cheers
andrew