On Sep 15, 2015, at 12:27 AM, Jim Nasby <jim.na...@bluetreble.com> wrote:
>
> On 9/15/15 12:48 AM, Ben Chobot wrote:
>> We're in a situation where we would like to take advantage of the pgpass
>> hostname field to determine which password gets used. For example:
>>
>> psql -h prod-server -d foo # should use the prod password
>> psql -h beta-server -d foo # should use the beta password
>>
>> This would *seem* to be simple, just put "prod-server" or "beta-server" into
>> the hostname field of .pgpass. But if somebody uses the FQDN of those hosts,
>> then the line does not match. If somebody uses the IP address of those
>> hosts, again, no match. It seems that the hostname must match the hostname
>> *exactly* - or match any host ("*"), which does not work for our use case.
>>
>> This seems to make the hostname field unnecessarily inflexible. Has anybody
>> else experienced - and hopefully overcome - this pain? Maybe I'm just going
>> about it all wrong.
>
> I don't know of a way around that, but you might be better off using SSL
> certs to authenticate. I believe there's even something similar to
> ssh-keychain that would allow you not to store the passphrase on-disk (though
> you would have to enter it manually on reboot).

Does that solve the "different passwords for different servers" problem, or just the "password on disk" problem?
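
The exact-match behaviour described in this thread, as an added example that is not part of the original messages and not libpq's own code: a simplified Python model of .pgpass lookup showing that the short name, the FQDN and the IP address are three different keys, so each spelling needs its own line. The user name `app`, the name `prod-server.example.com`, the address `192.0.2.10` and all passwords are constructed.

```python
import re

# Constructed sample .pgpass contents: hostname:port:database:username:password
SHORT_ONLY = (
    "prod-server:5432:foo:app:prod-secret\n"
    "beta-server:5432:foo:app:beta-secret\n"
)
# Same file plus one line per other spelling of the prod host (assumed names).
WITH_ALIASES = SHORT_ONLY + (
    "prod-server.example.com:5432:foo:app:prod-secret\n"
    "192.0.2.10:5432:foo:app:prod-secret\n"
)

def split_raw(line):
    """Split on ':' characters that are not backslash-escaped."""
    fields, cur, i = [], "", 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            cur += line[i:i + 2]  # keep the escape pair together
            i += 2
        elif line[i] == ":":
            fields.append(cur)
            cur = ""
            i += 1
        else:
            cur += line[i]
            i += 1
    return fields + [cur]

def unescape(raw):
    """Turn '\\:' and '\\\\' back into the literal character."""
    return re.sub(r"\\(.)", r"\1", raw)

def lookup(pgpass_text, host, port, database, user):
    """Return the password of the first matching line, or None."""
    wanted = (host, str(port), database, user)
    for line in pgpass_text.splitlines():
        fields = split_raw(line)
        if line.startswith("#") or len(fields) != 5:
            continue
        # A bare '*' matches anything; otherwise the text must be identical.
        if all(f == "*" or unescape(f) == w for f, w in zip(fields, wanted)):
            return unescape(fields[4])
    return None

if __name__ == "__main__":
    for name in ("prod-server", "prod-server.example.com", "192.0.2.10"):
        print(name, lookup(SHORT_ONLY, name, 5432, "foo", "app"),
              lookup(WITH_ALIASES, name, 5432, "foo", "app"))
```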