1 6274 aaronmk
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the "Client Authentication" section in the PostgreSQL
# documentation for a complete description of this file.  A short
# synopsis follows.
#
# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
# databases they can access.  Records take one of these forms:
#
# local      DATABASE  USER  METHOD  [OPTIONS]
# host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
# hostssl    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
# hostnossl  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
#
# (The uppercase items must be replaced by actual values.)
#
# The first field is the connection type: "local" is a Unix-domain
# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
# plain TCP/IP socket.
#
# DATABASE can be "all", "sameuser", "samerole", "replication", a
# database name, or a comma-separated list thereof. The "all"
# keyword does not match "replication". Access to replication
# must be enabled in a separate record (see example below).
#
# USER can be "all", a user name, a group name prefixed with "+", or a
# comma-separated list thereof.  In both the DATABASE and USER fields
# you can also write a file name prefixed with "@" to include names
# from a separate file.
#
# ADDRESS specifies the set of hosts the record matches.  It can be a
# host name, or it is made up of an IP address and a CIDR mask that is
# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
# specifies the number of significant bits in the mask.  A host name
# that starts with a dot (.) matches a suffix of the actual host name.
# Alternatively, you can write an IP address and netmask in separate
# columns to specify the set of hosts.  Instead of a CIDR-address, you
# can write "samehost" to match any of the server's own IP addresses,
# or "samenet" to match any address in any subnet that the server is
# directly connected to.
#
# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
# "krb5", "ident", "peer", "pam", "ldap", "radius" or "cert".  Note that
# "password" sends passwords in clear text; "md5" is preferred since
# it sends encrypted passwords.
#
# OPTIONS are a set of options for the authentication in the format
# NAME=VALUE.  The available options depend on the different
# authentication methods -- refer to the "Client Authentication"
# section in the documentation for a list of which options are
# available for which authentication methods.
#
# Database and user names containing spaces, commas, quotes and other
# special characters must be quoted.  Quoting one of the keywords
# "all", "sameuser", "samerole" or "replication" makes the name lose
# its special character, and just match a database or username with
# that name.
#
# This file is read on server startup and when the postmaster receives
# a SIGHUP signal.  If you edit the file on a running system, you have
# to SIGHUP the postmaster for the changes to take effect.  You can
# use "pg_ctl reload" to do that.

# Put your actual configuration here
# ----------------------------------
#
# If you want to allow non-local connections, you need to add more
# "host" records.  In that case you will also need to make PostgreSQL
# listen on a non-local interface via the listen_addresses
# configuration parameter, or via the -i or -h command line switches.

# CAUTION: Configuring the system for local "trust" authentication
# allows any local user to connect as any PostgreSQL user, including
# the database superuser.  If you do not trust all your local users,
# use another authentication method.


# Database administrative login by UNIX sockets
local   all         postgres                          ident map=postgres
host    all         postgres    127.0.0.1/32          md5
host    all         postgres    ::1/128               md5

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
#local   all             all                                     trust
# IPv4 local connections:
#host    all             all             127.0.0.1/32            trust
# IPv6 local connections:
#host    all             all             ::1/128                 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     postgres                                trust
#host    replication     postgres        127.0.0.1/32            trust
#host    replication     postgres        ::1/128                 trust

local   template1,vegbien  public_           trust
host    template1,vegbien  public_ 0.0.0.0/0 trust
host    template1,vegbien  public_ ::/0      trust

local   all                +bien            md5
host    all                +bien  0.0.0.0/0 md5
host    all                +bien  ::/0      md5
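
The record format and the "trust" CAUTION in the header comments can be checked mechanically. The following is an added example, not part of this repository: a Python sketch that parses pg_hba.conf records (including the separate-netmask address form) and flags "trust" records and password methods that a "host" or "hostnossl" record allows over plain TCP from non-loopback addresses. The names `parse_hba` and `audit` and the finding labels are hypothetical, and the sample input is this file's active records.

```python
import ipaddress
import shlex

# Constructed sample: the active (uncommented) records from the file above.
SAMPLE = """\
local   all         postgres                          ident map=postgres
host    all         postgres    127.0.0.1/32          md5
host    all         postgres    ::1/128               md5
local   template1,vegbien  public_           trust
host    template1,vegbien  public_ 0.0.0.0/0 trust
host    template1,vegbien  public_ ::/0      trust
local   all                +bien            md5
host    all                +bien  0.0.0.0/0 md5
host    all                +bien  ::/0      md5
"""

def parse_hba(text):
    """Yield (lineno, conn_type, network_or_None, method) for each record."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        # shlex drops '#' comments and strips quotes, so this sketch does not
        # distinguish a quoted "all" from the keyword all.
        tok = shlex.split(raw, comments=True)
        if len(tok) < 4:
            continue  # blank, comment-only, or malformed line
        conn_type, rest, net = tok[0], tok[3:], None
        if conn_type != "local":
            addr = rest.pop(0)
            try:
                if "/" not in addr:  # bare IP: netmask is in its own column
                    ipaddress.ip_address(addr)
                    addr = f"{addr}/{rest.pop(0)}"
                net = ipaddress.ip_network(addr, strict=False)
            except (ValueError, IndexError):
                pass  # host name, samehost, samenet: not provably loopback
        if rest:
            yield lineno, conn_type, net, rest[0]

def audit(text):
    """Return [(lineno, finding)] for records the header comments warn about."""
    findings = []
    for lineno, conn_type, net, method in parse_hba(text):
        loopback = net is not None and net.is_loopback
        if method == "trust":
            remote = conn_type != "local" and not loopback
            findings.append((lineno, "network-trust" if remote else "local-trust"))
        elif conn_type in ("host", "hostnossl") and not loopback:
            if method in ("password", "md5"):
                findings.append((lineno, method + "-without-ssl"))
    return findings
```

Line numbers in the findings are relative to the text passed in; running `audit` on the full file instead of the sample reports the file's own line numbers.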