> On 9 Feb 2024, at 08:41, Sanjay Minni <sanjay.minni@xxxxxxxxx> wrote: > while trying to make multiple connects with different role names to a single database over VPN i faced a password error issue when trying to connect a send user > It seems I had to change this line in pg_hba.conf and it worked: > > `# IPv4 external connections thru VPN > #TYPE DATABASE USER ADDRESS METHOD > host all all <ip> trust ` <=(from the earlier scram-sha-256) > > is this the way and is this correct from a security point of view ? While correctness and security always needs to be evaluated from the specific needs of an installation, the odds are pretty good that "No" is the correct answer here. To quote the documentation on the "trust" setting: "Allow the connection unconditionally. This method allows anyone that can connect to the PostgreSQL database server to login as any PostgreSQL user they wish, without the need for a password or any other authentication." I would recommend immediately reverting back to the scram-sha-256 setting and figuring out why you were unable to login. -- Daniel Gustafsson
