Waiting for 9.1 – Suffix matching in pg_hba.conf

On 24th of October, Peter Eisentraut committed addition to his previous patch, which adds:

Support suffix matching of host names in pg_hba.conf
A name starting with a dot can be used to match a suffix of the actual
host name (e.g., .example.com matches foo.example.com).

Generally, the idea is trivial – if you need to provide access to all hosts in given domain – you can just put name of the domain in pg_hba, with leading .

There was also short poll on pgsql-hackers list which stated why such syntax (as opposed to full regexps), and this approach won due to simplicity and issues with regular expressions and domain names.

So, obligatory example. Instead of previously required:

host all all krowka.home.depesz.com trust
host all all piesek.home.depesz.com trust
host all all kotek.home.depesz.com  trust
host all all kozka.home.depesz.com  trust
host all all swinka.home.depesz.com trust

one can now simply:

host all all .home.depesz.com trust

Of course assuming that it's not a problem that host prosiaczek.home.depesz.com will also get access to the db.