On Wed, Aug 26, 2009 at 22:47, Tom Lane<t...@sss.pgh.pa.us> wrote: > Magnus Hagander <mag...@hagander.net> writes: >> On Wed, Aug 26, 2009 at 15:57, Tom Lane<t...@sss.pgh.pa.us> wrote: >>> Magnus Hagander <mag...@hagander.net> writes: >>>> But that will still fail if the user has set it up to require a client >>>> certificate. >>> >>> But not till it gets to the pg_hba checks. We might need to have some > >> How would that be different from what we have now? sslmode=prefer will >> still allow both ssl and non-ssl connection. It won't kick you out >> until you reach the hba processing, will it? > > Hm, will it retry if the ssl setup step fails? If so it'd be all right, > but it's still a waste of cycles ...
Yes, that's the difference between prefer and require. I think the main issue is that test_postmaster_connection() only accepts two cases - successful login and password prompt. It would have similar issues with say an ident mismatch, or loopback connections configured for kerberos. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-bugs
