Bruce Momjian wrote:
>Andrew Dunstan wrote:
>
>
>>We currently have this in the default pg_hba.conf file:
>>
>> host all all 127.0.0.1 255.255.255.255 trust
>>
>>The idea was to have something which would perform equivalently on IP4
>>only, IP4 over IP6 and pure IP6 connections, without breaking the
>>postmaster host in any of them.
>>
>>It is perfectly true that it could be mangled by the administrator -
>>this would save him/her having to do so for the default case. In my
>>proposal you would replace this default line with:
>>
>> loopback all all trust
>>
>>It's the fact that it is the default that makes it special. Does that
>>make things clearer?
>>
>>
>
>We have avoided doing dns lookups from pg_hba.conf, and hence the use of
>127.0.0.1 instead of localhost. Now that we cache pg_hba.conf, we could
>consider allowing hostnames in pg_hba.conf. Is that a TODO?
>
>As for the IPv6 issue --- how prevalent is this problem. What OS
>versions are affected? Has the user done something special to enable
>this?
>
>
>
These are orthogonal issues. What I have suggested above would work
purely at the address level, without any name lookup.
Systems (e.g. SUSE) are shipping with IP6 turned on by default - that's
how this came up in the first place.
DNS lookups were discussed back in May, but there didn't seem to be a
nice way to do it in conjunction with netmasks, so I didn't proceed with
it after I did CIDR masks.
If someone can suggest good semantics and there is demand for it I can
look at it again (or someone else can).
cheers
andrew