Can not configure custom authorization at pg_hba.conf because of more global rule #1132

EugenKon · 2023-09-29T22:01:03Z

docker-entrypoint.sh sets up host all all all scram-sha-256 into pg_hba.conf file.

Line 252 in 8a631b9

printf 'host all all all %s\n' "$POSTGRES_HOST_AUTH_METHOD"

For my database located in trusted network I wan to configure trusted authentication, but can not, because first list matched first:

...
host all all all scram-sha-256
host db user 172.16.0.0/12 trust

My /docker-entrypoint-initdb.d/000-trust.sh script is:

echo "host db user 172.16.0.0/12 trust" >> "${PGDATA}/pg_hba.conf"

It would be nice if this catch-all rule you will add later after processing init files

Line 331 in 8a631b9

The text was updated successfully, but these errors were encountered:

tianon · 2023-12-08T22:27:50Z

I'm not sure what changes we can safely make to that ordering, but you should be able to handle this in your initdb script via sed, something like:

sed -i -e '/^host all all all/d' "$PGDATA/pg_hba.conf"

EugenKon · 2023-12-08T23:29:38Z

It would be nice to disable that functionality so user can manage it manually, eg. CUSTOM_PG_HBA=true.

Provide feedback