Обсуждение: pg_hba.conf hostmask.
Currently in pg_hba.conf you specify the ip addresses that can connect with 2 fields: the ip address and the mask. What do you think about changing it to ip address/mask? Where mask can be both the current mask, or the prefix length. It's so much handier to use, especially for ipv6. Kurt
Kurt Roeckx wrote: > Currently in pg_hba.conf you specify the ip addresses that can > connect with 2 fields: the ip address and the mask. > > What do you think about changing it to ip address/mask? Where > mask can be both the current mask, or the prefix length. > > It's so much handier to use, especially for ipv6. Yes, some have asked about this. My understanding was that CIDR (host/len) was mostly for networks, while hostname/mask was for hosts. Now, you can specify hosts using /32, but is is unusual? Maybe not. We basically have columns in pg_hba.conf that can specify either hosts or networks, so I suppose either should work. One neat trick would be to allow both, and I think I can easily code that up. If you specify a '/' and value after the host address, you don't use a netmask value. How is that? -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001+ If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania19073
On Sun, 2 Feb 2003, Bruce Momjian wrote: > Yes, some have asked about this. My understanding was that CIDR > (host/len) was mostly for networks, while hostname/mask was for hosts. > Now, you can specify hosts using /32, but is is unusual? Maybe not. Typically, if you have something like an access list where you're specifying hosts or networks, you default the netmask to /32 if it's not supplied. However, if we're going to maintain backward compatability with the old format (i.e., using a separately specified netmask in the next column if no slash is present in the address column) we can't do that. Personally, I'm all for breaking backwards compatability (as I usually am :-)) but could quite easily live with specifying all most hosts as "n.n.n.n/32" forever into the future, too. cjs -- Curt Sampson <cjs@cynic.net> +81 90 7737 2974 http://www.netbsd.org Don't you know, in this new Dark Age, we're alllight. --XTC
Added to TODO: * Allow CIDR format to be used in pg_hba.conf --------------------------------------------------------------------------- Kurt Roeckx wrote: > Currently in pg_hba.conf you specify the ip addresses that can > connect with 2 fields: the ip address and the mask. > > What do you think about changing it to ip address/mask? Where > mask can be both the current mask, or the prefix length. > > It's so much handier to use, especially for ipv6. > > > Kurt > > > ---------------------------(end of broadcast)--------------------------- > TIP 6: Have you searched our list archives? > > http://archives.postgresql.org > -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001+ If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania19073