postgresql/src/backend/libpq/pg_hba.conf.sample

#
# Example Postgres95 host access control file.
#
# 
# This file controls what hosts are allowed to connect to what databases
# and specifies some options on how users on a particular host are identified.
# 
# Each line (terminated by a newline character) is a record.  A record cannot
# be continued across two lines.
# 
# There are 3 kinds of records:
# 
#   1) comment:  Starts with #.
# 
#   2) empty:  Contains nothing excepting spaces and tabs.
# 
#   3) content: anything else.  
# 
# Unless specified otherwise, "record" from here on means a content
# record.
# 
# A record consists of tokens separated by spaces or tabs.  Spaces and
# tabs at the beginning and end of a record are ignored as are extra
# spaces and tabs between two tokens.
# 
# The first token in a record is the record type.  The interpretation of the
# rest of the record depends on the record type.
# 
# Record type "host"
# ------------------
# 
# This record identifies a set of hosts that are permitted to connect to
# databases.  No hosts are permitted to connect except as specified by a
# "host" record.
#
# Format:
# 
#   host DBNAME IP_ADDRESS ADDRESS_MASK USERAUTH [MAP]
# 
# DBNAME is the name of a Postgres database, or "all" to indicate all 
# databases.
# 
# IP_ADDRESS and ADDRESS_MASK are a standard dotted decimal IP address and
# mask to identify a set of hosts.  These hosts are allowed to connect to 
# Database DBNAME. 
# 
# USERAUTH is a keyword indicating the method used to authenticate the 
# user, i.e. to determine that the principal is authorized to connect
# under the Postgres username he supplies in his connection parameters.
#
#   ident:  Authentication is done by the ident server on the remote
#           host, via the ident (RFC 1413) protocol.
#
#   trust:  No authentication is done.  Trust that the user has the 
#           authority to user whatever username he says he does.
#           Before Postgres Version 6, all authentication was this way.
#
# MAP is the name of a map that matches an authenticated principal with
# a Postgres username.  If USERNAME is "trust", this value is ignored and
# may be absent.
#
# In the case of USERAUTH=ident, this is a map name to be found in the 
# pg_ident.conf file.  That table maps from ident usernames to Postgres 
# usernames.  The special map name "sameuser" indicates an implied map
# (not found in pg_ident.conf) that maps every ident username to the identical
# Postgres username.

# 
# For backwards compatibility, Postgres also accepts pre-Version 2 records,
# which look like:
# 
#   all         127.0.0.1    0.0.0.0
# 
#

# TYPE       DATABASE    IP_ADDRESS    MASK              USERAUTH  MAP
 
host         all         127.0.0.1     255.255.255.255   trust     
 
# The above allows any user on the local system to connect to any database
# under any username.
 
host         template1   192.168.0.0   255.255.255.0     ident     sameuser
 
# The above allows any user from any host with IP address 192.168.0.x to
# connect to database template1 as the same username that ident on that host
# identifies him as (typically his Unix username).  

#host         all        0.0.0.0       0.0.0.0           trust

# The above would allow anyone anywhere to connect to any database under
# any username.

#host         all        192.168.0.0  255.255.255.0      ident     omicron
#
# The above would allow users from 192.168.0.x hosts to connect to any
# database, but if e.g. Ident says the user is "bryanh" and he requests to
# connect as Postgres user "guest1", the connection is only allowed if
# there is an entry for map "omicron" in pg_ident.conf that says "bryanh" is 
# allowed to connect as "guest1".
New host-based authentication with ident 1996-10-12 09:47:12 +02:00			`#`
			`# Example Postgres95 host access control file.`
			`#`
			`#`
			`# This file controls what hosts are allowed to connect to what databases`
			`# and specifies some options on how users on a particular host are identified.`
			`#`
			`# Each line (terminated by a newline character) is a record. A record cannot`
			`# be continued across two lines.`
			`#`
			`# There are 3 kinds of records:`
			`#`
			`# 1) comment: Starts with #.`
			`#`
			`# 2) empty: Contains nothing excepting spaces and tabs.`
			`#`
			`# 3) content: anything else.`
			`#`
			`# Unless specified otherwise, "record" from here on means a content`
			`# record.`
			`#`
			`# A record consists of tokens separated by spaces or tabs. Spaces and`
			`# tabs at the beginning and end of a record are ignored as are extra`
			`# spaces and tabs between two tokens.`
			`#`
			`# The first token in a record is the record type. The interpretation of the`
			`# rest of the record depends on the record type.`
			`#`
			`# Record type "host"`
			`# ------------------`
			`#`
			`# This record identifies a set of hosts that are permitted to connect to`
			`# databases. No hosts are permitted to connect except as specified by a`
			`# "host" record.`
			`#`
			`# Format:`
			`#`
			`# host DBNAME IP_ADDRESS ADDRESS_MASK USERAUTH [MAP]`
			`#`
			`# DBNAME is the name of a Postgres database, or "all" to indicate all`
			`# databases.`
			`#`
			`# IP_ADDRESS and ADDRESS_MASK are a standard dotted decimal IP address and`
			`# mask to identify a set of hosts. These hosts are allowed to connect to`
			`# Database DBNAME.`
			`#`
			`# USERAUTH is a keyword indicating the method used to authenticate the`
			`# user, i.e. to determine that the principal is authorized to connect`
			`# under the Postgres username he supplies in his connection parameters.`
			`#`
			`# ident: Authentication is done by the ident server on the remote`
			`# host, via the ident (RFC 1413) protocol.`
			`#`
			`# trust: No authentication is done. Trust that the user has the`
			`# authority to user whatever username he says he does.`
			`# Before Postgres Version 6, all authentication was this way.`
			`#`
			`# MAP is the name of a map that matches an authenticated principal with`
			`# a Postgres username. If USERNAME is "trust", this value is ignored and`
			`# may be absent.`
			`#`
			`# In the case of USERAUTH=ident, this is a map name to be found in the`
			`# pg_ident.conf file. That table maps from ident usernames to Postgres`
			`# usernames. The special map name "sameuser" indicates an implied map`
			`# (not found in pg_ident.conf) that maps every ident username to the identical`
			`# Postgres username.`

			`#`
			`# For backwards compatibility, Postgres also accepts pre-Version 2 records,`
			`# which look like:`
			`#`
			`# all 127.0.0.1 0.0.0.0`
			`#`
			`#`

			`# TYPE DATABASE IP_ADDRESS MASK USERAUTH MAP`

			`host all 127.0.0.1 255.255.255.255 trust`

			`# The above allows any user on the local system to connect to any database`
			`# under any username.`

			`host template1 192.168.0.0 255.255.255.0 ident sameuser`

			`# The above allows any user from any host with IP address 192.168.0.x to`
			`# connect to database template1 as the same username that ident on that host`
			`# identifies him as (typically his Unix username).`

			`#host all 0.0.0.0 0.0.0.0 trust`

			`# The above would allow anyone anywhere to connect to any database under`
			`# any username.`

			`#host all 192.168.0.0 255.255.255.0 ident omicron`
			`#`
			`# The above would allow users from 192.168.0.x hosts to connect to any`
			`# database, but if e.g. Ident says the user is "bryanh" and he requests to`
			`# connect as Postgres user "guest1", the connection is only allowed if`
			`# there is an entry for map "omicron" in pg_ident.conf that says "bryanh" is`
			`# allowed to connect as "guest1".`