#
# PostgreSQL HOST-BASED ACCESS (HBA) CONTROL FILE
#
#
# This file controls:
#  o which hosts are allowed to connect
#  o how users are authenticated on each host
#  o databases accessible by each host
#
# It is read on postmaster startup and when the postmaster receives a SIGHUP.
# If you edit the file on a running system, you have to SIGHUP the postmaster
# for the changes to take effect, or use "pg_ctl reload".
#
# Each line is a new record.  Records cannot span multiple lines.
# Comments begin with # and continue to the end of the line.
# Blank lines are ignored.  A record consists of tokens separated by
# spaces or tabs.
#
# Each record specifies a connection type and authentication method.  Most
# records also can restrict based on database name or IP address.
#
# When reading this file, the postmaster finds the first record that
# matches the connection type, client address, and database name, and uses
# that record to perform client authentication.  If no record matches, the
# connection is rejected.
#
# The first token of a record indicates the connection type.  The
# remainder of the record is interpreted based on that type.
#
# Record Types
# ============
#
# There are three record types:
#  o host
#  o hostssl
#  o local
#
# host
# ----
#
# This record identifies hosts that are permitted to connect via TCP/IP.
#
# Format:
#
#   host  DATABASE  USER  IP_ADDRESS  MASK  AUTH_TYPE
#
# DATABASE can be:
#  o a database name
#  o "sameuser", which means a user can only access a database with the
#    same name as their user name
#  o "samegroup", which means a user can only access databases when they
#    are members of a group with the same name as the database name
#  o "all", which matches all databases
#  o a list of database names, separated by commas
#  o a file name containing database names, starting with '@'
#
# USER can be:
#  o a user name
#  o "all", which matches all users
#  o a list of user names, separated by commas
#  o a group name, starting with '+'
#  o a file name containing user names, starting with '@'
#
# Files read using '@' can contain comma-separated database/user names,
# or one name per line.  The files can also contain comments using '#'.
#
# IP_ADDRESS and MASK are standard dotted decimal IP address and
# mask values.  IP addresses can only be specified numerically, not as
# domain or host names.
#
# Do not prevent the superuser from accessing the template1 database.
# Various utility commands need access to template1.
#
# AUTH_TYPE is described below.
#
#
# hostssl
# -------
#
# The format of this record is identical to "host".
#
# It specifies hosts that require connection via secure SSL.  "host"
# allows SSL connections too, but "hostssl" requires SSL-secured
# connections.
#
# This keyword is only available if the server was compiled with SSL
# support.
#
#
# local
# -----
#
# This record identifies the authentication for local UNIX domain socket
# connections.  Without this record, UNIX-socket connections are disallowed.
#
# Format:
#
#   local  DATABASE  USER  AUTH_TYPE
#
# This format is identical to the "host" record type except there are no
# IP_ADDRESS and MASK fields.
#
#
#
# Authentication Types (AUTH_TYPE)
# ================================
#
# AUTH_TYPE indicates the method used to authenticate users.  Each record
# has an AUTH_TYPE.
#
# trust:     No authentication is done.  Any valid user name is accepted,
#            including the PostgreSQL superuser.  This option should
#            be used only for hosts where all users are trusted.
#
# md5:       Requires the client to supply an MD5 encrypted password for
#            authentication.  This is the only method that allows encrypted
#            passwords to be stored in pg_shadow.
#
# crypt:     Same as "md5", but uses crypt for pre-7.2 clients.
#
# password:  Same as "md5", but the password is sent in cleartext over
#            the network.  This should not be used on untrusted
#            networks.
#
# ident:     For TCP/IP connections, authentication is done by contacting the
#            ident server on the client host.  This is only as secure as the
#            client machine.  You must specify the map name after the 'ident'
#            keyword.  It determines how to map remote user names to
#            PostgreSQL user names.  If you use "sameuser", the user names are
#            assumed to be identical.  If not, the map name is looked up
#            in the $PGDATA/pg_ident.conf file.  The connection is accepted if
#            that file contains an entry for this map name with the
#            ident-supplied username and the requested PostgreSQL username.
#
#            On machines that support unix-domain socket credentials
#            (currently Linux, FreeBSD, NetBSD, and BSD/OS), ident allows
#            reliable authentication of 'local' connections without ident
#            running on the local machine.
#
# krb4:      Kerberos V4 authentication is used.  Allowed only for
#            TCP/IP connections, not for local UNIX-domain sockets.
#
# krb5:      Kerberos V5 authentication is used.  Allowed only for
#            TCP/IP connections, not for local UNIX-domain sockets.
#
# pam:       Authentication is done by PAM using the default service name
#            "postgresql".  You can specify your own service name by adding
#            the service name after the 'pam' keyword.  To use this option,
#            PostgreSQL must be configured --with-pam.
#
# reject:    Reject the connection.  This is used to reject certain hosts
#            that are part of a network specified later in the file.
#            To be effective, "reject" must appear before the later
#            entries.
#
#
#
# Examples
# ========
#
#
# Allow any user on the local system to connect to any database under any
# username using Unix-domain sockets (the default for local connections):
#
# TYPE     DATABASE    USER        IP_ADDRESS        MASK               AUTH_TYPE
# local    all         all                                              trust
#
# The same using local loopback TCP/IP connections:
#
# TYPE     DATABASE    USER        IP_ADDRESS        MASK               AUTH_TYPE
# host     all         all         127.0.0.1         255.255.255.255    trust
#
# Allow any user from any host with IP address 192.168.93.x to
# connect to database "template1" as the same username that ident reports
# for the connection (typically his Unix username):
#
# TYPE     DATABASE    USER        IP_ADDRESS        MASK               AUTH_TYPE
# host     template1   all         192.168.93.0      255.255.255.0      ident sameuser
#
# Allow a user from host 192.168.12.10 to connect to database "template1"
# if the user's password is correctly supplied:
#
# TYPE     DATABASE    USER        IP_ADDRESS        MASK               AUTH_TYPE
# host     template1   all         192.168.12.10     255.255.255.255    md5
#
# In the absence of preceding "host" lines, these two lines will reject
# all connections from 192.168.54.1 (since that entry will be matched
# first), but allow Kerberos V5 connections from anywhere else on the
# Internet.  The zero mask means that no bits of the host IP address are
# considered, so it matches any host:
#
# TYPE     DATABASE    USER        IP_ADDRESS        MASK               AUTH_TYPE
# host     all         all         192.168.54.1      255.255.255.255    reject
# host     all         all         0.0.0.0           0.0.0.0            krb5
#
# Allow users from 192.168.x.x hosts to connect to any database if they
# pass the ident check.  For example, if ident says the user is "james" and
# he requests to connect as PostgreSQL user "guest", the connection is
# allowed if there is an entry in $PGDATA/pg_ident.conf with map name
# "phoenix" that says "james" is allowed to connect as "guest".
# See $PGDATA/pg_ident.conf for more information on Ident maps.
#
# TYPE     DATABASE    USER        IP_ADDRESS        MASK               AUTH_TYPE
# host     all         all         192.168.0.0       255.255.0.0        ident phoenix
#
# If these are the only three lines for local connections, they will
# allow local users to connect only to their own databases (databases
# with the same name as their user name) except for administrators and
# members of group 'support' who may connect to all databases.  The file
# $PGDATA/admins contains a list of user names.  Passwords are required in
# all cases.
#
# TYPE     DATABASE    USER        IP_ADDRESS        MASK               AUTH_TYPE
# local    sameuser    all                                              md5
# local    all         @admins                                          md5
# local    all         +support                                         md5
#
# The last two lines above can be combined into a single line:
#
# local    all         @admins,+support                                 md5
#
# The database column can also use lists and file names, but not groups:
#
# local    db1,db2,@demodbs  all                                        md5
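The first-match rule, the DATABASE and USER field forms, the dotted-decimal mask test and the example records above, traced in an added Python model that is not part of PostgreSQL or of this file. The '@file' lists, the group membership and the sample records are constructed stand-ins for $PGDATA files and pg_group; nothing is read from disk or actually authenticated.

```python
import ipaddress
# Constructed stand-ins for '@file' name lists and for group membership (nothing is read from disk).
LIST_FILES = {"admins": ["alice"], "demodbs": ["demo1", "demo2"]}
GROUPS = {"support": ["carol"]}

def expand(field):
    """Comma-separated names; an '@name' token pulls in the names stored in that file."""
    return [n for t in field.split(",") for n in (LIST_FILES[t[1:]] if t[0] == "@" else [t])]

def db_matches(field, db, user):
    return any(t in ("all", db) or (t == "sameuser" and db == user)
               or (t == "samegroup" and user in GROUPS.get(db, ())) for t in expand(field))

def user_matches(field, user):
    return any(t in ("all", user) or (t[0] == "+" and user in GROUPS.get(t[1:], ()))
               for t in expand(field))

def ip_matches(addr, mask, client):
    a, m, c = (int(ipaddress.IPv4Address(x)) for x in (addr, mask, client))
    return a & m == c & m   # a 0.0.0.0 mask ignores every bit, so it matches any host

def parse(text):
    """One record per line; '#' starts a comment; blank lines are ignored."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [r for r in rows if r]

def decide(records, conn_type, db, user, client_ip=None, ssl=False):
    """AUTH_TYPE (plus its argument) of the first matching record, or 'reject' if none matches."""
    for rec in records:
        if rec[0] == "local" and conn_type == "local":
            dbf, userf, auth = rec[1], rec[2], rec[3:]
        elif (rec[0] in ("host", "hostssl") and conn_type == "host"
              and (ssl or rec[0] == "host")        # hostssl needs an SSL-secured connection
              and ip_matches(rec[3], rec[4], client_ip)):
            dbf, userf, auth = rec[1], rec[2], rec[5:]
        else:
            continue
        if db_matches(dbf, db, user) and user_matches(userf, user):
            return " ".join(auth)
    return "reject"

SAMPLE = """# constructed pg_hba.conf built from the records discussed above
local    sameuser  all                                       md5
local    all       @admins,+support                          md5
local    db1,db2,@demodbs  all                               md5
hostssl  all       all       192.168.12.10  255.255.255.255  md5
host     template1 all       192.168.93.0   255.255.255.0    ident sameuser
host     all       all       192.168.54.1   255.255.255.255  reject
host     all       all       0.0.0.0        0.0.0.0          krb5
"""
```

Swapping the last two host records (`parse(SAMPLE)[::-1]`) shows why "reject" must come first: the 0.0.0.0/0.0.0.0 record then matches 192.168.54.1 before the reject line is ever reached.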
#
#
#
#
#
#
# Put your actual configuration here
# ==================================
#
# The default configuration allows any local user to connect using any
# PostgreSQL username, including the superuser, over either UNIX domain
# sockets or TCP/IP.
#
# If you want to allow non-local connections, you need to add more "host"
# records.  Also, remember TCP/IP connections are only enabled if you
# start the postmaster with the -i flag, or enable "tcpip_socket" in
# $PGDATA/postgresql.conf.
#
# CAUTION: if you are on a multiple-user machine, the default
# configuration is probably too liberal for you.  Change it to use
# something other than "trust" authentication.
#
# TYPE     DATABASE    USER        IP_ADDRESS        MASK               AUTH_TYPE

local    all         all                                              trust
host     all         all         127.0.0.1         255.255.255.255    trust