On 8/16/2016 1:32 PM, support-tiger wrote:
local all all trust
so all unix 'domain' connections will allow any process on the system to authenticate as any SQL user. I nearly always use peer here. my applications which want to connect as a different db user than their os user, I specify host=localhost so it uses below instead...
host all all 127.0.0.1/32 trust
anyone coming in via ipv4 localhost can also authenticate as any SQL user. I always use md5 here, so apps connecting with host=localhost can specify a sql user, with a password.
host all all ::1/128 ident
anyone coming in as ipv6 localhost will require authd/identd protocol to identify them... ugh, hardly noone runs authd anymore, its considered bad security practice. its also inconsistent with ipv4 localhost above, so if you -h localhost, you're not sure what you're getting... I would always use md5 here.
-- john r pierce, recycling bits in santa cruz -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
