On Mon, Mar 14, 2011 at 5:18 AM, Magnus Hagander <magnus@hagander.net> wrote:
> On Fri, Mar 11, 2011 at 15:36, Peter Eisentraut <peter_e@gmx.net> wrote:
>> On tor, 2011-03-10 at 22:45 +0100, Magnus Hagander wrote:
>>> On Thu, Mar 10, 2011 at 22:22, Bruce Momjian <bruce@momjian.us> wrote:
>>> >
>>> > Added to TODO:
>>> >
>>> > Rename unix domain socket 'ident' connections to 'peer', to avoid
>>> > confusion with TCP 'ident'
>>>
>>> Should we consider adding "peer" as an alias for "ident" already in
>>> 9.1 (and change the default pg_hba.conf template), and then deprecate
>>> ident for 9.2 and remove it in 9.3 or something? By adding the alias
>>> now (yes, I know it's not in the last CF :P), we can move what's going
>>> to be a long process up one release...
>>
>> Might as well, if you can get it done soon. The documentation might
>> need more extensive adjustments.
>
> The code itself is pretty easy and localized, AFAICT. Attached is a
> patch taht implements "peer" for local connections, and automatically
> maps "ident" on local sockets to that (with a log message saying it
> did).
>
> If people want this to go in, I'll go over the documentation as well -
> as you say, that might need some more changes, but we're not as
> time-critical on that (meaning we can keep polishing it through beta).
>
> Also, I'd like to get around to making "initdb -A ident" automatically
> put "peer" for local sockets as well, which is not included in this
> patch but should be a very simple change.
>
> So. Thoughts?
The log message is an absolute non-starter. You're going to get that
on every backend startup on Windows, I believe.
Also, the text is not accurate: nothing has been automatically changed
to anything. The pg_hba.conf file is just as it was. You could say
something like "ident" authentication on local socket treated as
"peer", but I think a better idea would be to just remove this message
altogether. I see zero reason to force someone who has a pg_hba.conf
file that they have been using for years and are happy with to make
trivial changes to it on our account, and I'd be perfectly happy to
silently treat ident on a local socket as peer forever, while gently
encouraging the use of the newer term in our documentation.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company