Re: pg_hba.conf

According to the excelent doc, the _first_ matching entry will be used.

C:\> -----Original Message-----
C:\> From: Dick Davies [mailto:rasputnik@hellooperator.net]
C:\> Sent: Dienstag, 22. Februar 2005 12:57
C:\> To: PostgreSQL Admin
C:\> Subject: [ADMIN] pg_hba.conf
C:\>
C:\>
C:\>
C:\> Just needed clarification on how pg_hba.conf operates.
C:\> Does a specific host take precedence over a more general
C:\> network setting?
C:\>
C:\> The local socket is only accessible to a certain group,
C:\> but I don't want
C:\> the overhead of SSL for loopback connections. If I connect
C:\> to the server
C:\> from the local machine, the connections show up as (eg)
C:\> 10.2.3.4, the NIC
C:\> ip.
C:\>
C:\> I was hoping the more specific 'host' entry would take
C:\> entry over the universal
C:\> 'hostssl' entry, but it does'nt seem to...
C:\>
C:\> I have this:
C:\>
C:\> root@eris:postgresql80-server$ cat /opt/pgsql/data/pg_hba.conf
C:\> # TYPE     DATABASE    USER        IP-ADDRESS      METHOD
C:\> local      all         all                         trust
C:\> host    all         all         10.2.3.4/32   md5
C:\> hostssl    all         all      0.0.0.0/0   md5
C:\>
C:\> Is there a way to say 'all IP traffic should be encrypted
C:\> except one IP' that
C:\> I'm missing?
C:\>
C:\> I know I could just add the local process into the dba
C:\> group, but the app doesn't
C:\> reconnect if the socket goes away on a db restart, so
C:\> that's not ideal...
C:\>
C:\>
C:\> --
C:\> 'That question was less stupid; though you asked it in a
C:\> profoundly stupid way.'
C:\>         -- Prof. Farnsworth
C:\> Rasputin :: Jack of All Trades - Master of Nuns
C:\>
C:\> ---------------------------(end of
C:\> broadcast)---------------------------
C:\> TIP 7: don't forget to increase your free space map settings
C:\>