Abuhujair Javed / Postgres FD Implementation

Commit bb74b18d, authored May 30, 2000 by Bruce Momjian

Update pg_hba.conf.sample with better examples and descriptions

Parent: 2f52eee2

Showing 1 changed file with 99 additions and 85 deletions

src/backend/libpq/pg_hba.conf.sample (+99 -85)
#
#
# Example PostgreSQL host access control file.
#
# PostgreSQL HOST ACCESS CONTROL FILE
#
#
#
#
# This file controls what hosts are allowed to connect to what databases
# This file controls what hosts are allowed to connect to what databases
# and specifies some options on how users on a particular host are identified.
# and specifies some options on how users on a particular host are
# It is read each time a host tries to make a connection to a database.
# identified. It is read each time a host tries to make a connection to a
#
# database.
# Each line (terminated by a newline character) is a record. A record cannot
#
# be continued across two lines.
# Each line (terminated by a newline character) is a record. A record
# cannot be continued across two lines.
#
#
# There are 3 kinds of records:
# There are 3 kinds of records:
#
#
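Review bot: In this header block most lines are only re-wrapped, not reworded (for example "This file controls what hosts are allowed to connect to what databases" and "A record cannot be continued across two lines" read the same before and after), so the one real change here, the title going from "Example PostgreSQL host access control file." to "PostgreSQL HOST ACCESS CONTROL FILE", is hard to spot. Consider putting the reflow in a separate commit from the wording changes, so that anyone reviewing an access-control file can see exactly which statements changed.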
...
@@ -15,81 +17,50 @@
...
@@ -15,81 +17,50 @@
#
#
# 2) empty: Contains nothing excepting spaces and tabs.
# 2) empty: Contains nothing excepting spaces and tabs.
#
#
# 3) content: anything else.
# 3) record: anything else.
#
# Unless specified otherwise, "record" from here on means a content
# record.
#
#
# A record consists of tokens separated by spaces or tabs. Spaces and
# Only record lines are significant.
#
# A record consists of tokens separated by spaces or tabs. Spaces and
# tabs at the beginning and end of a record are ignored as are extra
# tabs at the beginning and end of a record are ignored as are extra
# spaces and tabs between two tokens.
# spaces and tabs between two tokens.
#
#
# The first token in a record is the record type. The interpretation of the
# The first token in a record is the record type. The interpretation of
# rest of the record depends on the record type.
# the rest of the record depends on the record type.
#
# Record type "host"
# Record type "host"
# ------------------
# ------------------
#
#
# This record identifies a set of network hosts that are permitted to
connect
# This record identifies a set of network hosts that are permitted to
#
to databases. No network hosts are permitted to connect except as specified
#
connect to databases. No network hosts are permitted to connect except
#
by a "host" record. See the record type "local" to specify permitted
#
as specified by a "host" record. See the record type "local" to specify
#
connections using UNIX
sockets.
#
permitted connections for local users via UNIX domain
sockets.
#
#
# Format:
# Format:
#
#
# host DBNAME IP_ADDRESS ADDRESS_MASK AUTHTYPE [AUTH_ARGUMENT]
# host DBNAME IP_ADDRESS ADDRESS_MASK AUTHTYPE [AUTH_ARGUMENT]
#
#
# DBNAME is the name of a PostgreSQL database, "all" to indicate all
# DBNAME is the name of a PostgreSQL database, "all" to indicate all
# databases, or "sameuser" to restrict a user's access to a database
# databases, or "sameuser" to restrict a user's access to a database with
# with the same user name.
# the same user name.
#
# IP_ADDRESS and ADDRESS_MASK are a standard dotted decimal IP address and
# mask to identify a set of hosts. These hosts are allowed to connect to
# Database DBNAME.
#
# AUTHTYPE is a keyword indicating the method used to authenticate the
# user, i.e. to determine that the principal is authorized to connect
# under the PostgreSQL username he supplies in his connection parameters.
#
# ident: Authentication is done by the ident server on the remote
# host, via the ident (RFC 1413) protocol. AUTH_ARGUMENT, if
# specified, is a map name to be found in the pg_ident.conf file.
# That table maps from ident usernames to PostgreSQL usernames. The
# special map name "sameuser" indicates an implied map (not found
# in pg_ident.conf) that maps every ident username to the identical
# PostgreSQL username.
#
#
# trust: No authentication is done. Trust that the user has the
# IP_ADDRESS and ADDRESS_MASK are a standard dotted decimal IP address
# authority to use whatever username he specifies. Before
# and mask to identify a set of hosts. These hosts are allowed to connect
# PostgreSQL version 6, all authentication was done this way.
# to Database DBNAME. There is a separate section about AUTHTYPE below.
#
# reject: Reject the connection.
#
# password: Authentication is done by matching a password supplied in clear
# by the host. If AUTH_ARGUMENT is specified then the password
# is compared with the user's entry in that file (in the $PGDATA
# directory). See pg_passwd(1). If it is omitted then the
# password is compared with the user's entry in the pg_shadow
# table.
#
# crypt: Authentication is done by matching an encrypted password supplied
# by the host with that held for the user in the pg_shadow table.
#
# krb4: Kerberos V4 authentication is used.
#
# krb5: Kerberos V5 authentication is used.
# Record type "hostssl"
# Record type "hostssl"
# ---------------------
# ---------------------
#
#
# The format of this record is identical to that of "host".
#
# This record identifies the authentication to use when connecting to a
# This record identifies the authentication to use when connecting to a
# particular database via TCP/IP sockets over SSL. Note that normal
# particular database via TCP/IP sockets over SSL. Note that normal
# "host" records are also matched - "hostssl" records can be used to
# "host" records are also matched - "hostssl" records can be used to
# require a SSL connection.
# require a SSL connection. This keyword is only available if the server
# This keyword is only available if the server is compiled with SSL support
# is compiled with SSL support enabled.
# enabled.
#
# The format of this record is identical to that of "host".
# Record type "local"
# Record type "local"
# ------------------
# ------------------
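Review bot: In the "hostssl" section, the sentence 'Note that normal "host" records are also matched - "hostssl" records can be used to require a SSL connection.' is carried over unchanged and still does not say what is matched against what, or how SSL ends up being required. Read literally, it suggests that a "hostssl" line only enforces SSL when no "host" line covers the same database and address range; please state that explicitly, ideally with a pair of example records. Separately, renaming kind 3 from "content" to "record" makes "record" both the word for every line and the name of one of the three kinds, so "Only record lines are significant." reads ambiguously.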
...
@@ -101,43 +72,86 @@
...
@@ -101,43 +72,86 @@
#
#
# local DBNAME AUTHTYPE [AUTH_ARGUMENT]
# local DBNAME AUTHTYPE [AUTH_ARGUMENT]
#
#
# The format is the same as that of the "host" record type except that
the
# The format is the same as that of the "host" record type except that
#
IP_ADDRESS and ADDRESS_MASK are omitted and the "ident", "krb4" and "krb5"
#
the IP_ADDRESS and ADDRESS_MASK are omitted. Local supports only
#
values of AUTHTYPE are not allowed
.
#
AUTHTYPEs "trust", "password", "crypt", and "reject"
.
# For backwards compatibility, PostgreSQL also accepts pre-version 6 records,
# which look like:
#
# all 127.0.0.1 0.0.0.0
# Authentication Types (AUTHTYPE)
# -------------------------------
#
# AUTHTYPE is a keyword indicating the method used to authenticate the
# user, i.e. to determine that the user is authorized to connect under
# the PostgreSQL username supplied in his connection parameters.
#
# trust: No authentication is done. Trust that the user has the
# authority to use whatever username he specifies.
#
# password: Authentication is done by matching a password supplied
# in clear by the host. If AUTH_ARGUMENT is specified then
# the password is compared with the user's entry in that
# file (in the $PGDATA directory). See pg_passwd(1). If it
# is omitted then the password is compared with the user's
# entry in the pg_shadow table.
#
# crypt: Same as 'password', but authentication is done by
# encrypting the password sent over the network.
#
# ident: Authentication is done by the ident server on the remote
# host, via the ident (RFC 1413) protocol. AUTH_ARGUMENT,
# if specified, is a map name to be found in the
# pg_ident.conf file. That table maps from ident usernames
# to PostgreSQL usernames. The special map name "sameuser"
# indicates an implied map (not found in pg_ident.conf)
# that maps every ident username to the identical
# PostgreSQL username.
#
# krb4: Kerberos V4 authentication is used.
#
# krb5: Kerberos V5 authentication is used.
#
# reject: Reject the connection.
# Examples
# --------
#
# TYPE DATABASE IP_ADDRESS MASK AUTHTYPE MAP
# TYPE DATABASE IP_ADDRESS MASK AUTHTYPE MAP
#
#host all 127.0.0.1 255.255.255.255 trust
#host all 127.0.0.1 255.255.255.255 trust
#
# The above allows any user on the local system to connect to any
database
# The above allows any user on the local system to connect to any
# under any username.
#
database
under any username.
#
#host template1 192.168.93.0 255.255.255.0 ident sameuser
#host template1 192.168.93.0 255.255.255.0 ident sameuser
#
# The above allows any user from any host with IP address 192.168.93.x to
# The above allows any user from any host with IP address 192.168.93.x to
# connect to database template1 as the same username that ident on that host
# connect to database template1 as the same username that ident on that
# identifies him as (typically his Unix username).
# host identifies him as (typically his Unix username).
#
#host template1 192.168.12.10 255.255.255.255 crypt
#
# The above allows a user from host 192.168.12.10 to connect to
# database template1 if the password assigned to that user is
# supplied. User passwords are optionally assigned when a
# user is created.
#
#host all 192.168.54.1 255.255.255.255 reject
#host all 192.168.54.1 255.255.255.255 reject
#host all 0.0.0.0 0.0.0.0 trust
#host all 0.0.0.0 0.0.0.0 trust
#
# The above would allow anyone anywhere except from 192.168.54.1 to
connect to
# The above would allow anyone anywhere except from 192.168.54.1 to
# any database under any username.
#
connect to
any database under any username.
#
#host all 192.168.77.0 255.255.255.0 ident omicron
#host all 192.168.77.0 255.255.255.0 ident omicron
#
#
# The above would allow users from 192.168.77.x hosts to connect to any
# The above would allow users from 192.168.77.x hosts to connect to any
# database, but if Ident says the user is "bryanh" and he requests to
# database, but if Ident says the user is "bryanh" and he requests to
# connect as PostgreSQL user "guest1", the connection is only allowed if
# connect as PostgreSQL user "guest1", the connection is only allowed if
# there is an entry for map "omicron" in pg_ident.conf that says "bryanh" is
# there is an entry for map "omicron" in pg_ident.conf that says "bryanh"
# allowed to connect as "guest1".
# is allowed to connect as "guest1".
#
# By default, allow anything over UNIX domain sockets and localhost.
# By default, allow anything over UNIX domain sockets and localhost.
local all trust
local all trust
host all 127.0.0.1 255.255.255.255 trust
host all 127.0.0.1 255.255.255.255 trust
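Review bot: In the new "Authentication Types" section, the "crypt" entry now reads "Same as 'password', but authentication is done by encrypting the password sent over the network", which drops the earlier statement that the password is checked against the pg_shadow table and, through "Same as 'password'", implies that a password file named in AUTH_ARGUMENT applies to crypt as well. If crypt only ever uses pg_shadow, say so in the entry. The new crypt example also says user passwords "are optionally assigned when a user is created" without saying what happens when a user who has no password connects under a crypt record; one sentence on that case would help.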