> On 9 Feb 2024, at 08:41, Sanjay Minni <sanjay.minni@gmail.com> wrote:
> while trying to make multiple connects with different role names to a single database over VPN i faced a password
errorissue when trying to connect a send user
> It seems I had to change this line in pg_hba.conf and it worked:
>
> `# IPv4 external connections thru VPN
> #TYPE DATABASE USER ADDRESS METHOD
> host all all <ip> trust ` <=(from the earlier scram-sha-256)
>
> is this the way and is this correct from a security point of view ?
While correctness and security always needs to be evaluated from the specific
needs of an installation, the odds are pretty good that "No" is the correct
answer here. To quote the documentation on the "trust" setting:
"Allow the connection unconditionally. This method allows anyone that
can connect to the PostgreSQL database server to login as any
PostgreSQL user they wish, without the need for a password or any other
authentication."
I would recommend immediately reverting back to the scram-sha-256 setting and
figuring out why you were unable to login.
--
Daniel Gustafsson