November 2nd, 2009 by depesz | Tags: , , , , , | Comments Off on Waiting for 8.5 – ‘samehost’ and ‘samenet’ in pg_hba.conf
Did it help? If yes - maybe you can help me?

October, finally. “Only" 1 month of backlog in new features in 8.5, but I'm getting there 🙂

So, on 1st of October Tom Lane committed patch by Stef Walter:

Log Message:
Support "samehost" and "samenet" specifications in pg_hba.conf,
by enumerating the machine's IP interfaces to look for a match.
Stef Walter

For some reason I cannot find it in mailing list archive, but luckily have copy of email (without all headers unfortunately).

So, commit log seems to be pretty simple, but what exactly are those samehost and samenet codes?

Docs say, that:

Instead of a CIDR-address, you can write samehost to match any of the server's own IP addresses, or samenet to match any address in any subnet that the server is directly connected to.

This means that, if you are like me, and you have you pg_hba.conf set to:

local   all         all                               trust
host    all         all          trust
host    all         all             md5

(I set it that way, because if user has shell access to my machine, I have more things to worry about than pg access, and I'm too lazy to fill-in all networks system is connected to), You can change it to a bit better and safer:

local   all         all                               trust
host    all         all         samehost              trust
host    all         all         samenet               md5

Of course this is only simple example, but usage seems to be pretty straightforward. Cool. A bit easier way to setup multiple machines.

Sorry, comments for this post are disabled.