Re: Disabling trust/ident authentication configure option

On 5/17/15 10:58 PM, Josh Berkus wrote:
> The goal here was stated to preventing authentication misconfiguration
> by shortsighted admins who have superuser access and the ability to
> change pg_hba.conf.  This is tantamount to giving someone a gun and
> bullets, but expecting duct tape across the cartridge slot to prevent
> them from loading or using the gun.

The idea is to prevent *accidental* misconfiguration, not to try and 
permanently lock them out. IE: make them think before allowing them to 
just do something silly. Disabling auth methods at compile time seems a 
very reasonable way to accomplish that.
-- 
Jim Nasby, Data Architect, Blue Treble Consulting
Data in Trouble? Get it in Treble! http://BlueTreble.com