author | Peter Eisentraut <peter_e@gmx.net> | 2017-02-13 16:50:29 -0500 |
---|---|---|
committer | Peter Eisentraut <peter_e@gmx.net> | 2017-03-22 11:19:30 -0400 |
commit | 8df9bd0b445f9bd6134915d4417efde6e85e3add (patch) | |
tree | fb662717a7af3709ebf5619e61bc162b67974299 | |
parent | 4cfc9484d4effb0a3aa2c8742bdef0c2bc7a3ca5 (diff) | |

Change logical replication pg_hba.conf use

Logical replication no longer uses the "replication" keyword. It just
matches database entries in the normal way. The "replication" keyword
now only applies to physical replication.

Reviewed-by: Petr Jelinek <petr.jelinek@2ndquadrant.com>

-rw-r--r-- | doc/src/sgml/client-auth.sgml | 2 |
-rw-r--r-- | doc/src/sgml/logical-replication.sgml | 8 |
-rw-r--r-- | src/backend/libpq/hba.c | 4 |

3 files changed, 6 insertions, 8 deletions

diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index bbd52a5418d..d6b8c04edc5 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml @@ -193,7 +193,7 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable> members of the role, directly or indirectly, and not just by virtue of being a superuser. The value <literal>replication</> specifies that the record - matches if a replication connection is requested (note that + matches if a physical replication connection is requested (note that replication connections do not specify any particular database). Otherwise, this is the name of a specific <productname>PostgreSQL</productname> database. diff --git a/doc/src/sgml/logical-replication.sgml b/doc/src/sgml/logical-replication.sgml index a6c04e923da..6da39d25e38 100644 --- a/doc/src/sgml/logical-replication.sgml +++ b/doc/src/sgml/logical-replication.sgml @@ -295,11 +295,9 @@ <title>Security</title> <para> - Logical replication connections occur in the same way as with physical streaming - replication. It requires access to be explicitly given using - <filename>pg_hba.conf</filename>. The role used for the replication - connection must have the <literal>REPLICATION</literal> attribute. This - gives a role access to both logical and physical replication. + The role used for the replication connection must have + the <literal>REPLICATION</literal> attribute. Access for the role must be + configured in <filename>pg_hba.conf</filename>. </para> <para> diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c index 3817d249c44..7abcae618db 100644 --- a/src/backend/libpq/hba.c +++ b/src/backend/libpq/hba.c 
@@ -612,9 +612,9 @@ check_db(const char *dbname, const char *role, Oid roleid, List *tokens) foreach(cell, tokens) { tok = lfirst(cell); - if (am_walsender) + if (am_walsender && !am_db_walsender) { - /* walsender connections can only match replication keyword */ + /* physical replication walsender connections can only match replication keyword */ if (token_is_keyword(tok, "replication")) return true; } |
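
Review bot: In the client-auth.sgml hunk, the parenthetical left as context, "note that replication connections do not specify any particular database", stays unqualified after "physical" is added to the line before it. Per the commit message, logical replication connections are now matched against database entries, so the unqualified wording reads as if it covered them too. Suggest "note that physical replication connections do not specify any particular database", plus a short pointer that logical replication connections are matched by database like ordinary connections.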
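
Review bot: In the logical-replication.sgml Security paragraph, the new sentence "Access for the role must be configured in pg_hba.conf" does not say what the database field of that entry has to be. The removed text told readers this worked the same way as physical streaming replication, so an administrator who already has a replication entry gets no hint here that it no longer matches. Suggest stating that the entry must match the database being connected to and that the replication keyword does not apply to logical replication. The removed sentence saying the REPLICATION attribute gives access to both logical and physical replication is also dropped without a replacement; if that is still true it is worth keeping, since it matters when scoping replication roles.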
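
Review bot: In check_db() in hba.c, the new condition "am_walsender && !am_db_walsender" routes database walsender connections past the replication-keyword branch, but the comment only describes the physical case and says nothing about where logical replication connections are matched instead. Suggest extending the comment to say that am_db_walsender connections are checked against database entries like regular connections. This changes which existing pg_hba.conf lines admit a logical replication connection: replication lines stop matching, and, going by the commit message, ordinary database entries start to, so it deserves a release note asking administrators to review their entries for roles with the REPLICATION attribute. The rewritten comment line is also longer than 80 columns and should be wrapped.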