Difference between revisions of "/etc/postgresql/12/main/pg hba.conf"
Jump to navigation
Jump to search
(Created page with " cat /etc/postgresql/12/main/pg_hba.conf | grep -v "#" | grep . local all postgres peer local all all...") |
|||
Line 8: | Line 8: | ||
host replication all ::1/128 md5 | host replication all ::1/128 md5 | ||
+ | |||
+ | == Ubuntu == | ||
+ | <pre> | ||
+ | cat /etc/postgresql/12/main/pg_hba.conf | ||
+ | # PostgreSQL Client Authentication Configuration File | ||
+ | # =================================================== | ||
+ | # | ||
+ | # Refer to the "Client Authentication" section in the PostgreSQL | ||
+ | # documentation for a complete description of this file. A short | ||
+ | # synopsis follows. | ||
+ | # | ||
+ | # This file controls: which hosts are allowed to connect, how clients | ||
+ | # are authenticated, which PostgreSQL user names they can use, which | ||
+ | # databases they can access. Records take one of these forms: | ||
+ | # | ||
+ | # local DATABASE USER METHOD [OPTIONS] | ||
+ | # host DATABASE USER ADDRESS METHOD [OPTIONS] | ||
+ | # hostssl DATABASE USER ADDRESS METHOD [OPTIONS] | ||
+ | # hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] | ||
+ | # hostgssenc DATABASE USER ADDRESS METHOD [OPTIONS] | ||
+ | # hostnogssenc DATABASE USER ADDRESS METHOD [OPTIONS] | ||
+ | # | ||
+ | # (The uppercase items must be replaced by actual values.) | ||
+ | # | ||
+ | # The first field is the connection type: "local" is a Unix-domain | ||
+ | # socket, "host" is either a plain or SSL-encrypted TCP/IP socket, | ||
+ | # "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a | ||
+ | # non-SSL TCP/IP socket. Similarly, "hostgssenc" uses a | ||
+ | # GSSAPI-encrypted TCP/IP socket, while "hostnogssenc" uses a | ||
+ | # non-GSSAPI socket. | ||
+ | # | ||
+ | # DATABASE can be "all", "sameuser", "samerole", "replication", a | ||
+ | # database name, or a comma-separated list thereof. The "all" | ||
+ | # keyword does not match "replication". Access to replication | ||
+ | # must be enabled in a separate record (see example below). | ||
+ | # | ||
+ | # USER can be "all", a user name, a group name prefixed with "+", or a | ||
+ | # comma-separated list thereof. In both the DATABASE and USER fields | ||
+ | # you can also write a file name prefixed with "@" to include names | ||
+ | # from a separate file. | ||
+ | # | ||
+ | # ADDRESS specifies the set of hosts the record matches. It can be a | ||
+ | # host name, or it is made up of an IP address and a CIDR mask that is | ||
+ | # an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that | ||
+ | # specifies the number of significant bits in the mask. A host name | ||
+ | # that starts with a dot (.) matches a suffix of the actual host name. | ||
+ | # Alternatively, you can write an IP address and netmask in separate | ||
+ | # columns to specify the set of hosts. Instead of a CIDR-address, you | ||
+ | # can write "samehost" to match any of the server's own IP addresses, | ||
+ | # or "samenet" to match any address in any subnet that the server is | ||
+ | # directly connected to. | ||
+ | # | ||
+ | # METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", | ||
+ | # "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". | ||
+ | # Note that "password" sends passwords in clear text; "md5" or | ||
+ | # "scram-sha-256" are preferred since they send encrypted passwords. | ||
+ | # | ||
+ | # OPTIONS are a set of options for the authentication in the format | ||
+ | # NAME=VALUE. The available options depend on the different | ||
+ | # authentication methods -- refer to the "Client Authentication" | ||
+ | # section in the documentation for a list of which options are | ||
+ | # available for which authentication methods. | ||
+ | # | ||
+ | # Database and user names containing spaces, commas, quotes and other | ||
+ | # special characters must be quoted. Quoting one of the keywords | ||
+ | # "all", "sameuser", "samerole" or "replication" makes the name lose | ||
+ | # its special character, and just match a database or username with | ||
+ | # that name. | ||
+ | # | ||
+ | # This file is read on server startup and when the server receives a | ||
+ | # SIGHUP signal. If you edit the file on a running system, you have to | ||
+ | # SIGHUP the server for the changes to take effect, run "pg_ctl reload", | ||
+ | # or execute "SELECT pg_reload_conf()". | ||
+ | # | ||
+ | # Put your actual configuration here | ||
+ | # ---------------------------------- | ||
+ | # | ||
+ | # If you want to allow non-local connections, you need to add more | ||
+ | # "host" records. In that case you will also need to make PostgreSQL | ||
+ | # listen on a non-local interface via the listen_addresses | ||
+ | # configuration parameter, or via the -i or -h command line switches. | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | # DO NOT DISABLE! | ||
+ | # If you change this first entry you will need to make sure that the | ||
+ | # database superuser can access the database using some other method. | ||
+ | # Noninteractive access to all databases is required during automatic | ||
+ | # maintenance (custom daily cronjobs, replication, and similar tasks). | ||
+ | # | ||
+ | # Database administrative login by Unix domain socket | ||
+ | local all postgres peer | ||
+ | |||
+ | # TYPE DATABASE USER ADDRESS METHOD | ||
+ | |||
+ | # "local" is for Unix domain socket connections only | ||
+ | local all all peer | ||
+ | # IPv4 local connections: | ||
+ | host all all 127.0.0.1/32 md5 | ||
+ | # IPv6 local connections: | ||
+ | host all all ::1/128 md5 | ||
+ | # Allow replication connections from localhost, by a user with the | ||
+ | # replication privilege. | ||
+ | local replication all peer | ||
+ | host replication all 127.0.0.1/32 md5 | ||
+ | host replication all ::1/128 md5 | ||
+ | </pre> | ||
Revision as of 11:25, 4 March 2021
cat /etc/postgresql/12/main/pg_hba.conf | grep -v "#" | grep . local all postgres peer local all all peer host all all 127.0.0.1/32 md5 host all all ::1/128 md5 local replication all peer host replication all 127.0.0.1/32 md5 host replication all ::1/128 md5
Ubuntu
cat /etc/postgresql/12/main/pg_hba.conf # PostgreSQL Client Authentication Configuration File # =================================================== # # Refer to the "Client Authentication" section in the PostgreSQL # documentation for a complete description of this file. A short # synopsis follows. # # This file controls: which hosts are allowed to connect, how clients # are authenticated, which PostgreSQL user names they can use, which # databases they can access. Records take one of these forms: # # local DATABASE USER METHOD [OPTIONS] # host DATABASE USER ADDRESS METHOD [OPTIONS] # hostssl DATABASE USER ADDRESS METHOD [OPTIONS] # hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] # hostgssenc DATABASE USER ADDRESS METHOD [OPTIONS] # hostnogssenc DATABASE USER ADDRESS METHOD [OPTIONS] # # (The uppercase items must be replaced by actual values.) # # The first field is the connection type: "local" is a Unix-domain # socket, "host" is either a plain or SSL-encrypted TCP/IP socket, # "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a # non-SSL TCP/IP socket. Similarly, "hostgssenc" uses a # GSSAPI-encrypted TCP/IP socket, while "hostnogssenc" uses a # non-GSSAPI socket. # # DATABASE can be "all", "sameuser", "samerole", "replication", a # database name, or a comma-separated list thereof. The "all" # keyword does not match "replication". Access to replication # must be enabled in a separate record (see example below). # # USER can be "all", a user name, a group name prefixed with "+", or a # comma-separated list thereof. In both the DATABASE and USER fields # you can also write a file name prefixed with "@" to include names # from a separate file. # # ADDRESS specifies the set of hosts the record matches. It can be a # host name, or it is made up of an IP address and a CIDR mask that is # an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that # specifies the number of significant bits in the mask. A host name # that starts with a dot (.) matches a suffix of the actual host name. # Alternatively, you can write an IP address and netmask in separate # columns to specify the set of hosts. Instead of a CIDR-address, you # can write "samehost" to match any of the server's own IP addresses, # or "samenet" to match any address in any subnet that the server is # directly connected to. # # METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", # "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". # Note that "password" sends passwords in clear text; "md5" or # "scram-sha-256" are preferred since they send encrypted passwords. # # OPTIONS are a set of options for the authentication in the format # NAME=VALUE. The available options depend on the different # authentication methods -- refer to the "Client Authentication" # section in the documentation for a list of which options are # available for which authentication methods. # # Database and user names containing spaces, commas, quotes and other # special characters must be quoted. Quoting one of the keywords # "all", "sameuser", "samerole" or "replication" makes the name lose # its special character, and just match a database or username with # that name. # # This file is read on server startup and when the server receives a # SIGHUP signal. If you edit the file on a running system, you have to # SIGHUP the server for the changes to take effect, run "pg_ctl reload", # or execute "SELECT pg_reload_conf()". # # Put your actual configuration here # ---------------------------------- # # If you want to allow non-local connections, you need to add more # "host" records. In that case you will also need to make PostgreSQL # listen on a non-local interface via the listen_addresses # configuration parameter, or via the -i or -h command line switches. # DO NOT DISABLE! # If you change this first entry you will need to make sure that the # database superuser can access the database using some other method. # Noninteractive access to all databases is required during automatic # maintenance (custom daily cronjobs, replication, and similar tasks). # # Database administrative login by Unix domain socket local all postgres peer # TYPE DATABASE USER ADDRESS METHOD # "local" is for Unix domain socket connections only local all all peer # IPv4 local connections: host all all 127.0.0.1/32 md5 # IPv6 local connections: host all all ::1/128 md5 # Allow replication connections from localhost, by a user with the # replication privilege. local replication all peer host replication all 127.0.0.1/32 md5 host replication all ::1/128 md5
See also
- PostgreSQL:
pg_dump, pg_restore
,pgAdmin, pg_config, psql, pg_ctl, pg_isready, initdb
, Role, Schema, DBeaver, Navicat, DataGrip, OmniDB,Adminer
, docker-compose.xml PostgreSQL, PostgreSQL version, PostgreSQL logs,postgresql.conf
,pg_hba.conf, $HOME/.pg_service.conf
, Create database (PostgreSQL), Create user,createdb
,GRANT
,pg_stat
, PostgreSQL VACUUM, EXPLAIN,pg stat activity
, Autovacuum, ALTER DATABASE, PostgreSQL statistics collector, Shared buffers, EXPLAIN (PostgreSQL),EXPLAIN ANALYZE
, Bitmap scan,EXPLAIN VERBOSE
,EXPLAIN VERBOSE (PostgresSQL)
,WAL
,ALTER USER
,CREATE ROLE, CREATE USER
,\du
,show users
,\l
, The Statistics Collector, pganalyze,cron.schedule
, Master,pg_tables
, PostgreSQL replication,CREATE, SET
, TOAST, PgBouncer, Restore DB, Index, meta-commands, Table, foreign table, Schema, Sequence, Views, materialized view, Table Partitioning, monitoring, PostgreSQL System Administration Functions, PostgreSQL extension, privileges, logging, PGTune, PostgreSQL parameter tunning, PostgreSQL modules, pgbench, PostgreSQL users, catalogs
Advertising: