Saturday, August 2, 2008

Re: [HACKERS] Parsing of pg_hba.conf and authentication inconsistencies

"Magnus Hagander" <magnus@hagander.net> writes:

> I've also noticed that authentication methods error out in different
> ways when they are not supported. For example, if I try to use Kerberos
> without having it compiled in, I get an error when a client tries to
> connect (because we compile in stub functions for the authentication
> that just throw an error). But if I use pam, I get an "missing or
> erroneous pg_hba.conf file" error (because we #ifdef out the entire
> option all over the place). I'd like to make these consistent - but
> which one of them do people prefer?

Generally I prefer having stub functions which error out because it means
other code doesn't need lots of ifdef's around the call sites.

However it would be nice to throw an error or at least a warning when parsing
the file instead of pretending everything's ok. Perhaps authentication methods
should have a function to check whether the method is supported which is
called when the file is parsed.

--
Gregory Stark
EnterpriseDB http://www.enterprisedb.com
Ask me about EnterpriseDB's PostGIS support!

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

No comments: