Search Postgresql Archives

Re: Postgres Pain Points: 1 pg_hba conf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 8/11/2016 1:48 PM, Jeff Janes wrote:
#1) pg_hba conf
> Out of the box the md5 setting blocks access.
That depends on which box you got it out of.  If you compile the
source yourself, its default settings are 'trust', not 'md5'.

If you get it from a repository, it is up to the repository's policies
and/or the packager's tastes to decide what defaults to use.

In my hands, md5 blocks access exactly when it should, when the user
fails to provide the valid password.

my defacto pg_hba.conf reads like this...


local    all    all                        peer
host    all    all 127.0.0.0/8   md5
host    all    all ::1                   md5
# host all all xxx.yyy.zzz.0/24  md5      ## uncomment and adjust hostmask to suit LAN client addresses


with this setup, if user X runs psql with no arguments, it authenticates them as sql user X.  if user X wants to connect to postgres as sql user Y, then `psql -h localhost -U Y ...` (or equivalent in whatever API) and use the sql Y role password to authenticate.





-- 
john r pierce, recycling bits in santa cruz

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux