API tools faq
paste
Guest User

pg_hba.conf

a guest
Jun 26th, 2020
319
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
autoconf 4.77 KB | None | 0 0
raw download clone embed print report
  1. $ sudo gedit /etc/postgresql/12/main/pg_hba.conf
  2. --------------------------------------------------
  3. # PostgreSQL Client Authentication Configuration File
  4. # ===================================================
  5. #
  6. # Refer to the "Client Authentication" section in the PostgreSQL
  7. # documentation for a complete description of this file.  A short
  8. # synopsis follows.
  9. #
  10. # This file controls: which hosts are allowed to connect, how clients
  11. # are authenticated, which PostgreSQL user names they can use, which
  12. # databases they can access.  Records take one of these forms:
  13. #
  14. # local      DATABASE  USER  METHOD  [OPTIONS]
  15. # host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
  16. # hostssl    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
  17. # hostnossl  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
  18. #
  19. # (The uppercase items must be replaced by actual values.)
  20. #
  21. # The first field is the connection type: "local" is a Unix-domain
  22. # socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
  23. # "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
  24. # plain TCP/IP socket.
  25. #
  26. # DATABASE can be "all", "sameuser", "samerole", "replication", a
  27. # database name, or a comma-separated list thereof. The "all"
  28. # keyword does not match "replication". Access to replication
  29. # must be enabled in a separate record (see example below).
  30. #
  31. # USER can be "all", a user name, a group name prefixed with "+", or a
  32. # comma-separated list thereof.  In both the DATABASE and USER fields
  33. # you can also write a file name prefixed with "@" to include names
  34. # from a separate file.
  35. #
  36. # ADDRESS specifies the set of hosts the record matches.  It can be a
  37. # host name, or it is made up of an IP address and a CIDR mask that is
  38. # an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
  39. # specifies the number of significant bits in the mask.  A host name
  40. # that starts with a dot (.) matches a suffix of the actual host name.
  41. # Alternatively, you can write an IP address and netmask in separate
  42. # columns to specify the set of hosts.  Instead of a CIDR-address, you
  43. # can write "samehost" to match any of the server's own IP addresses,
  44. # or "samenet" to match any address in any subnet that the server is
  45. # directly connected to.
  46. #
  47. # METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
  48. # "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
  49. # Note that "password" sends passwords in clear text; "md5" or
  50. # "scram-sha-256" are preferred since they send encrypted passwords.
  51. #
  52. # OPTIONS are a set of options for the authentication in the format
  53. # NAME=VALUE.  The available options depend on the different
  54. # authentication methods -- refer to the "Client Authentication"
  55. # section in the documentation for a list of which options are
  56. # available for which authentication methods.
  57. #
  58. # Database and user names containing spaces, commas, quotes and other
  59. # special characters must be quoted.  Quoting one of the keywords
  60. # "all", "sameuser", "samerole" or "replication" makes the name lose
  61. # its special character, and just match a database or username with
  62. # that name.
  63. #
  64. # This file is read on server startup and when the server receives a
  65. # SIGHUP signal.  If you edit the file on a running system, you have to
  66. # SIGHUP the server for the changes to take effect, run "pg_ctl reload",
  67. # or execute "SELECT pg_reload_conf()".
  68. #
  69. # Put your actual configuration here
  70. # ----------------------------------
  71. #
  72. # If you want to allow non-local connections, you need to add more
  73. # "host" records.  In that case you will also need to make PostgreSQL
  74. # listen on a non-local interface via the listen_addresses
  75. # configuration parameter, or via the -i or -h command line switches.
  76.  
  77.  
  78.  
  79.  
  80. # DO NOT DISABLE!
  81. # If you change this first entry you will need to make sure that the
  82. # database superuser can access the database using some other method.
  83. # Noninteractive access to all databases is required during automatic
  84. # maintenance (custom daily cronjobs, replication, and similar tasks).
  85. #
  86. # Database administrative login by Unix domain socket
  87. local   all             postgres                                peer
  88.  
  89. # TYPE  DATABASE        USER            ADDRESS                 METHOD
  90.  
  91. # "local" is for Unix domain socket connections only
  92. local   all             all                                     peer
  93. # IPv4 local connections:
  94. host    all             all             127.0.0.1/32            md5
  95. # IPv6 local connections:
  96. host    all             all             ::1/128                 md5
  97. # Allow replication connections from localhost, by a user with the
  98. # replication privilege.
  99. local   replication     all                                     peer
  100. host    replication     all             127.0.0.1/32            md5
  101. host    replication     all             ::1/128                 md5
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!