November 2nd, 2009 by depesz | Tags: , , , , , | No comments »
Did it help? If yes - maybe you can help me?

October, finally. “Only" 1 month of backlog in new features in 8.5, but I'm getting there 🙂

So, on 1st of October Tom Lane committed patch by Stef Walter:

Log Message:
-----------
Support "samehost" and "samenet" specifications in pg_hba.conf,
by enumerating the machine's IP interfaces to look for a match.
 
Stef Walter

For some reason I cannot find it in mailing list archive, but luckily have copy of email (without all headers unfortunately).

So, commit log seems to be pretty simple, but what exactly are those samehost and samenet codes?

Docs say, that:

Instead of a CIDR-address, you can write samehost to match any of the server's own IP addresses, or samenet to match any address in any subnet that the server is directly connected to.

This means that, if you are like me, and you have you pg_hba.conf set to:

# TYPE DATABASE USER CIDR-ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 trust
host all all 0.0.0.0/0 md5

(I set it that way, because if user has shell access to my machine, I have more things to worry about than pg access, and I'm too lazy to fill-in all networks system is connected to), You can change it to a bit better and safer:

# TYPE DATABASE USER CIDR-ADDRESS METHOD
local all all trust
host all all samehost trust
host all all samenet md5

Of course this is only simple example, but usage seems to be pretty straightforward. Cool. A bit easier way to setup multiple machines.

Leave a comment