Thread: pg_hba.conf authorization question

pg_hba.conf authorization question

From
"Reid Thompson"
Date:
Could someone give me guidance on the following.
I would like to configure the DB such that connections will only be allowed to users created using createuser verified by the password that was set during the createuser process.  The user and password do NOT correlate to system users (linux host).  Connections will be both local and TCP based.
Rather than the open to everyone entries that I have in pg_hba.conf below, what should the entries look like under
 
# TYPE     DATABASE    IP_ADDRESS    MASK               AUTH_TYPE  AUTH_ARGUMENT
local      all                                          trust
host       all         127.0.0.1     255.255.255.255    trust
host       all         192.168.100.0 255.255.255.0      trust
 
Thanks,
reid

Re: pg_hba.conf authorization question

From
Thomas Beutin
Date:
On Fri, Dec 13, 2002 at 11:25:00AM -0500, Reid Thompson wrote:
> Could someone give me guidance on the following.
> I would like to configure the DB such that connections will only be
> allowed to users created using createuser verified by the password that
> was set during the createuser process.  The user and password do NOT
> correlate to system users (linux host).  Connections will be both local
> and TCP based.
> Rather than the open to everyone entries that I have in pg_hba.conf
> below, what should the entries look like under
>
> # TYPE     DATABASE    IP_ADDRESS    MASK               AUTH_TYPE  AUTH_ARGUMENT
> local      all                                          trust
> host       all         127.0.0.1     255.255.255.255    trust
> host       all         192.168.100.0 255.255.255.0      trust
AFAIK the AUTH_TYPE "trust" doesn't look for a password but lets the
user connect. IMHO the AUTH_TYPE "md5" compares the given password
with that stored in pg_shadow.
But I've never tried...

Greetings,
-tb
--
Thomas Beutin                             tb@laokoon.IN-Berlin.DE
Beam me up, Scotty. There is no intelligent live down in Redmond.

Re: pg_hba.conf authorization question

From
Çagil Seker
Date:
 
Either md5 or password will work. But I'd recommend md5 for security reasons. That will send passwords using encryption (double). Also note that in order for this to work every user must have a password set in pg_shadow. Also set security = true in postgresql.conf. And use "alter user 'myuser' set encrypted password 'password'" command to set passwords.
 
# TYPE     DATABASE    IP_ADDRESS    MASK               AUTH_TYPE  AUTH_ARGUMENT
local      all                                          md5
host       all         127.0.0.1     255.255.255.255    md5
host       all         192.168.100.0 255.255.255.0      md5

Regards,

Çağıl ŞEKER
-----------------
"Yes, I am a criminal. My crime is that of outsmarting you. Something that you'll never forgive me for!" - The Mentor'86 (Hacker's Manifesto)
-----------------


-----Original Message-----
From: Reid Thompson [mailto:Reid.Thompson@ateb.com]
Sent: 13 Aralık 2002 Cuma 18:25
To: pgsql-general@postgresql.org
Subject: [GENERAL] pg_hba.conf authorization question

Could someone give me guidance on the following.
I would like to configure the DB such that connections will only be allowed to users created using createuser verified by the password that was set during the createuser process.  The user and password do NOT correlate to system users (linux host).  Connections will be both local and TCP based.
Rather than the open to everyone entries that I have in pg_hba.conf below, what should the entries look like under
 
# TYPE     DATABASE    IP_ADDRESS    MASK               AUTH_TYPE  AUTH_ARGUMENT
local      all                                          trust
host       all         127.0.0.1     255.255.255.255    trust
host       all         192.168.100.0 255.255.255.0      trust
 
Thanks,
reid
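
An added example, not part of the thread and not written by any of its posters: a small Python check that reads pg_hba.conf entries in the column layout quoted above (no user column, separate IP_ADDRESS and MASK fields) and flags entries whose AUTH_TYPE is "trust" or "password". The function name audit_hba and the sample lines are constructed for illustration.

```python
import ipaddress

# Auth types flagged by this check (constructed list for the example).
WEAK = {
    "trust": "no password is checked",
    "password": "password is sent in clear text",
}

def audit_hba(text):
    """Return (line_no, scope, auth_type, reason) for each flagged entry.

    Assumes the layout quoted in this thread:
      local DATABASE AUTH_TYPE [AUTH_ARGUMENT]
      host  DATABASE IP_ADDRESS MASK AUTH_TYPE [AUTH_ARGUMENT]
    """
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        f = line.split()
        try:
            if f[0] == "local" and len(f) >= 3:
                scope, auth = "unix socket", f[2]
            elif f[0] == "host" and len(f) >= 5:
                # Address plus dotted mask -> CIDR, e.g. 192.168.100.0/24
                net = ipaddress.ip_network(f"{f[2]}/{f[3]}", strict=False)
                scope, auth = str(net), f[4]
            else:
                raise ValueError("unknown layout")
        except ValueError:
            findings.append((no, line, "?", "unrecognised entry"))
            continue
        if auth in WEAK:
            findings.append((no, scope, auth, WEAK[auth]))
    return findings

# Constructed sample input mixing the auth types discussed in the thread.
SAMPLE = """\
# TYPE  DATABASE  IP_ADDRESS     MASK             AUTH_TYPE
local   all                                        trust
host    all       127.0.0.1      255.255.255.255  md5
host    all       192.168.100.0  255.255.255.0    password
"""

if __name__ == "__main__":
    for finding in audit_hba(SAMPLE):
        print(*finding, sep=" | ")
```
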