Prev: 'replication' keyword on .pgpass (StreamingReplication)
Next: snapshot generation broken again...
From: Magnus Hagander on 7 Jan 2010 07:50 On Thu, Jan 7, 2010 at 13:34, Heikki Linnakangas <heikki.linnakangas(a)enterprisedb.com> wrote: > Fujii Masao wrote: >> On Thu, Jan 7, 2010 at 5:44 PM, Magnus Hagander <magnus(a)hagander.net> wrote: >>>> Such information are supplied in the parameter 'primary_conninfo' of >>>> recovery.conf. For example; >>>> >>>> primary_conninfo = 'host=192.168.1.50 port=5432 user=foo' >>> So the password can just go there, no? >> >> Yeah, the password can be supplied in primary_conninfo. >> >> primary_conninfo = 'host=192.168.1.50 port=5432 user=foo password=foopass' >> >> Also you can use the environment variable PGPASSWORD. >> Is this enough? I was thinking that some people would >> complain that only the password for replication cannot >> be supplied in .pgpass. > > That seems enough to me. > > BTW, how do you set up authentication using an SSL certificate? ISTM > that's the way we should be encouraging people to configure > authentication between a master and standby, rather than type a password > to a file. Connectoin parameters: sslcert, sslkey and sslrootcert in most cases. Or just put the key in ~/.postgresql/postgresql.key. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
From: Tom Lane on 7 Jan 2010 09:53 Fujii Masao <masao.fujii(a)gmail.com> writes: > On Thu, Jan 7, 2010 at 5:46 PM, Magnus Hagander <magnus(a)hagander.net> wrote: >> However, wouldn't it make more logical sense to replace "host/hostssl" >> with "replication/replicationssl" rather than overload the database >> field? > Seems good. How about the following formats? > replication user CIDR-address auth-method [auth-options] > replicationssl user CIDR-address auth-method [auth-options] > replication user IP-address IP-mask auth-method [auth-options] > replicationssl user IP-address IP-mask auth-method [auth-options] > Note that "database" field has been removed since it's useless > for replication. I'm getting more and more confused here. I thought we were talking about client-side .pgpass. This seems to be talking about pg_hba.conf. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
From: Heikki Linnakangas on 7 Jan 2010 10:09 Tom Lane wrote: > I'm getting more and more confused here. I thought we were talking > about client-side .pgpass. This seems to be talking about pg_hba.conf. Yeah, the topic was covertly changed. It seems we have consensus to not change .pgpass, and to leave pg_hba.conf as it is now in the patch as well. -- Heikki Linnakangas EnterpriseDB http://www.enterprisedb.com -- Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
First
|
Prev
|
Pages: 1 2 3 Prev: 'replication' keyword on .pgpass (StreamingReplication) Next: snapshot generation broken again... |