Re: Are dns CNAME's allowed or useable in pg_hba.conf hostname specification

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/5/16 7:09 PM, dennisr@xxxxxxxx wrote:
> My preference is to use a network address for this stuff but I was over ruled and needed to use a host specific name or address in the config file. I wanted to use a CNAME in place of the A or PTR records so as in the event we ever have to rebuild a new WAL receiver, I would only need to repoint the CNAME in the DNS system and avoid the possibility of updating a few hundred pg_hba.conf’s with a new IP address or hostname (this is a private cloud environment I am working with so I don’t have a lot of control over hostnames of the nodes they give me or even the networks the node is placed in.)

Note that the IP addresses in pg_hba.conf are not really by themselves a
primary security measure, because the source IP addresses in the same
network are (potentially) under control of the source host.  Their
purpose is rather to allow different classes of hosts to use different
authentication mechanisms.  For example, newer hosts might use SSL,
older hosts passwords.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services


-- 
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux