On 12/5/16 7:09 PM, dennisr@xxxxxxxx wrote: > My preference is to use a network address for this stuff but I was over ruled and needed to use a host specific name or address in the config file. I wanted to use a CNAME in place of the A or PTR records so as in the event we ever have to rebuild a new WAL receiver, I would only need to repoint the CNAME in the DNS system and avoid the possibility of updating a few hundred pg_hba.conf’s with a new IP address or hostname (this is a private cloud environment I am working with so I don’t have a lot of control over hostnames of the nodes they give me or even the networks the node is placed in.) Note that the IP addresses in pg_hba.conf are not really by themselves a primary security measure, because the source IP addresses in the same network are (potentially) under control of the source host. Their purpose is rather to allow different classes of hosts to use different authentication mechanisms. For example, newer hosts might use SSL, older hosts passwords. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
