Hi! sean finney [2005-09-26 3:41 -0400]: > On Mon, Sep 26, 2005 at 07:46:45AM +0200, Martin Pitt wrote: > > --cluster would keep its meaning, --ip should be a concrete IP (like, > > 127.0.0.1) which means, access is tested from that IP). Other options > > should not be allowed. Then pg_test_hba would exit with 1 if there is > > i think it would be helpful if the other options were also allowed. > for example, if method is md5, we would need to know this so that > a line with ident sameuser didn't cause a false positive. Not sure what you mean here. It does not make sense to specify more than one line for a given type/user/database triple, since only the first matching line is used. Therefore the method should be an output rather than an input. > > no matching rule, and with 0 if there is. In the success case, it > > would print out the access method ("ident sameuser" or "md5"). It > > might also be interesting whether SSL must be used or not. Maybe this > > should be printed in a second line, what do you think? > > i think, ideally, this command shouldn't output anything if nothing > needs to change, and if something needs to change it should only output > what should be entered into pg_hba.conf. This indeed makes sense, good idea. I will do that. Thanks, Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntulinux.org Debian Developer http://www.debian.org
Attachment:
signature.asc
Description: Digital signature