On Fri, Feb 27, 2015 at 12:48 PM, Tomas Vondra <tomas.von...@2ndquadrant.com > wrote:
> On 27.2.2015 17:59, Stephen Frost wrote: > > All, > > > > * Tomas Vondra (tomas.von...@2ndquadrant.com) wrote: > >> > >> The other feature that'd be cool to have is a debugging function > >> on top of the view, i.e. a function pg_hba_check(host, ip, db, > >> user, pwd) showing which hba rule matched. But that's certainly > >> nontrivial. > > > > I'm not sure that I see why, offhand, it'd be much more than trivial > > ... > > From time to time I have to debug why are connection attempts failing, > and with moderately-sized pg_hba.conf files (e.g. on database servers > shared by multiple applications) that may be tricky. Identifying the > rule that matched (and rejected) the connection would be helpful. > If you did actually get a rejected connection, you get that in the log (as of 9.3, iirc). Such a function would make it possible to test it without having failed first though :) -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/
