Clean up pg_hba.conf
This commit is contained in:
Bruce Momjian
parent
b2d7c58cb2
commit
7bcc2da09f
|
|
@ -39,7 +39,7 @@
|
|||
#
|
||||
# host DBNAME IP_ADDRESS ADDRESS_MASK USERAUTH [AUTH_ARGUMENT]
|
||||
#
|
||||
# DBNAME is the name of a Postgres database, or "all" to indicate all
|
||||
# DBNAME is the name of a PostgreSQL database, or "all" to indicate all
|
||||
# databases.
|
||||
#
|
||||
# IP_ADDRESS and ADDRESS_MASK are a standard dotted decimal IP address and
|
||||
|
|
@ -48,25 +48,25 @@
|
|||
#
|
||||
# USERAUTH is a keyword indicating the method used to authenticate the
|
||||
# user, i.e. to determine that the principal is authorized to connect
|
||||
# under the Postgres username he supplies in his connection parameters.
|
||||
# under the PostgreSQL username he supplies in his connection parameters.
|
||||
#
|
||||
# ident: Authentication is done by the ident server on the remote
|
||||
# host, via the ident (RFC 1413) protocol. AUTH_ARGUMENT, if
|
||||
# specified, is a map name to be found in the pg_ident.conf file.
|
||||
# That table maps from ident usernames to Postgres usernames. The
|
||||
# That table maps from ident usernames to PostgreSQL usernames. The
|
||||
# special map name "sameuser" indicates an implied map (not found
|
||||
# in pg_ident.conf) that maps every ident username to the identical
|
||||
# Postgres username.
|
||||
# PostgreSQL username.
|
||||
#
|
||||
# trust: No authentication is done. Trust that the user has the
|
||||
# authority to user whatever username he says he does.
|
||||
# Before Postgres Version 6, all authentication was this way.
|
||||
# authority to use whatever username he specifies. Before
|
||||
# PostgreSQL version 6, all authentication was done this way.
|
||||
#
|
||||
# reject: Reject the connection.
|
||||
#
|
||||
# password: Authentication is done by matching a password supplied in clear
|
||||
# by the host. If AUTH_ARGUMENT is specified then the password is
|
||||
# compared with the user's entry in that file (in the $PGDATA
|
||||
# by the host. If AUTH_ARGUMENT is specified then the password
|
||||
# is compared with the user's entry in that file (in the $PGDATA
|
||||
# directory). See pg_passwd(1). If it is omitted then the
|
||||
# password is compared with the user's entry in the pg_shadow
|
||||
# table.
|
||||
|
|
@ -90,9 +90,9 @@
|
|||
#
|
||||
# The format is the same as that of the "host" record type except that the
|
||||
# IP_ADDRESS and ADDRESS_MASK are omitted and the "ident", "krb4" and "krb5"
|
||||
# values of USERAUTH are no allowed.
|
||||
# values of USERAUTH are not allowed.
|
||||
|
||||
# For backwards compatibility, PostgreSQL also accepts pre-Version 6 records,
|
||||
# For backwards compatibility, PostgreSQL also accepts pre-version 6 records,
|
||||
# which look like:
|
||||
#
|
||||
# all 127.0.0.1 0.0.0.0
|
||||
|
|
@ -119,8 +119,8 @@
|
|||
#host all 192.168.0.0 255.255.255.0 ident omicron
|
||||
#
|
||||
# The above would allow users from 192.168.0.x hosts to connect to any
|
||||
# database, but if e.g. Ident says the user is "bryanh" and he requests to
|
||||
# connect as Postgres user "guest1", the connection is only allowed if
|
||||
# database, but if Ident says the user is "bryanh" and he requests to
|
||||
# connect as PostgreSQL user "guest1", the connection is only allowed if
|
||||
# there is an entry for map "omicron" in pg_ident.conf that says "bryanh" is
|
||||
# allowed to connect as "guest1".
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue