rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Change logical replication pg_hba.conf use 

Logical replication no longer uses the "replication" keyword.  It just
matches database entries in the normal way.  The "replication" keyword
now only applies to physical replication.

Reviewed-by: Petr Jelinek <petr.jelinek@2ndquadrant.com>
This commit is contained in:
Peter Eisentraut 2017-02-13 16:50:29 -05:00
parent 4cfc9484d4
commit 8df9bd0b44
3 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/src/sgml/client-auth.sgml
View File

@ -193,7 +193,7 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable>
members of the role, directly or indirectly, and not just by
virtue of being a superuser.
The value <literal>replication</> specifies that the record
matches if a replication connection is requested (note that
matches if a physical replication connection is requested (note that
replication connections do not specify any particular database).
Otherwise, this is the name of
a specific <productname>PostgreSQL</productname> database.

8
doc/src/sgml/logical-replication.sgml
View File

@ -295,11 +295,9 @@
<title>Security</title>
<para>
Logical replication connections occur in the same way as with physical streaming
replication. It requires access to be explicitly given using
<filename>pg_hba.conf</filename>. The role used for the replication
connection must have the <literal>REPLICATION</literal> attribute. This
gives a role access to both logical and physical replication.
The role used for the replication connection must have
the <literal>REPLICATION</literal> attribute. Access for the role must be
configured in <filename>pg_hba.conf</filename>.
</para>
<para>

4
src/backend/libpq/hba.c
View File

@ -612,9 +612,9 @@ check_db(const char *dbname, const char *role, Oid roleid, List *tokens)
foreach(cell, tokens)
{
tok = lfirst(cell);
if (am_walsender)
if (am_walsender && !am_db_walsender)
{
/* walsender connections can only match replication keyword */
/* physical replication walsender connections can only match replication keyword */
if (token_is_keyword(tok, "replication"))
return true;
}