Re: BUG #6687: initdb -A ident can almost never be correct

On Mon, Jun 11, 2012 at 6:01 PM, David Fetter <david@fetter.org> wrote:
> On Mon, Jun 11, 2012 at 05:51:06PM +0200, Magnus Hagander wrote:
>> On Mon, Jun 11, 2012 at 5:14 PM, =A0<david@fetter.org> wrote:
>> > The following bug has been logged on the website:
>> >
>> > Bug reference: =A0 =A0 =A06687
>> > Logged by: =A0 =A0 =A0 =A0 =A0David Fetter
>> > Email address: =A0 =A0 =A0david@fetter.org
>> > PostgreSQL version: 9.1.4
>> > Operating system: =A0 All
>> > Description:
>> >
>> > When calling initdb -A, it is assumed--wrongly in the case of ident, t=
hat
>> > every method is valid for both local and network.
>>
>> Um, what do you mean?
>>
>> If I specify initdb -A, it gives me peer on local and ident on tcp, is
>> that not what you expected?
>>
>> Or maybe I'm misunderstanding the problem completely.. What is
>> happening, and what are you expecting to happen?
>
> We have a design issue, namely that initdb -A blindly applies the auth
> method specified to all default accesses. =A0This is the correct
> behavior for all auth methods except for ident, where it is wrong just
> about everywhere for network (localhost rather than local) access.

Uh, what *would* you expect to happen if you choose "ident"? That
something different than what you choose is done?

I can get the argument for "peer", which could potentially leave the
non-local entries out completely. But I don't see anything wrong with
what "ident" does.

And even in the case of peer, since the default is not to even
*listen* on remote connections, it's not a huge problem...

--=20
=A0Magnus Hagander
=A0Me: http://www.hagander.net/
=A0Work: http://www.redpill-linpro.com/