<div class="gmail_quote">On Thu, Feb 11, 2010 at 17:21, Tom Lane <span dir="ltr"><<a
href="mailto:tgl@sss.pgh.pa.us">tgl@sss.pgh.pa.us</a>></span>wrote:<br /><blockquote class="gmail_quote"
style="margin:0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div class="im">Bart
Samwel<<a href="mailto:bart@samwel.tk">bart@samwel.tk</a>> writes:<br /> > I've been working on a patch to add
hostnamesupport to pg_hba.conf.<br /><br /></div>Have you read the previous discussions about that?<br
/></blockquote></div><br/>Yes, mostly.<br /><br />The previous discussions included all sorts of complex stuff such as
wildcards.Personally, I'd think that in the cases where you'd want wildcards, then you should use IP / netmask
configuration,because that's a way better indicator of "something that comes from the same source network entity". For
instance,wildcards are nice for "all our own servers", except that you'd normally use IP / netmaks to indicate your
ownserver subnet.<br /><br />The way I see it, hostname based configuration should be plain and simple. You suggested
inone of the earlier discussions that it should not be much more than removing the AI_NUMERICHOST hint in the lookup.
Mycurrent solution is slightly more involved, since it performs the by-hostname lookup at check time, not at
pg_hba.confread time -- but there is not much more complexity involved. If there is a case for more complexity, then we
willhear the actual use cases after this basic support is added, I guess.<br /><br />Cheers,<br />Bart<br />