Скачать в pdf «PostgreSQL»

Database access is controlled via the data/pg_hba.eonf file, which is located in the PostgreSQL home directory. It contains several types of configuration entries:


Local entries control access by users logged into the same computer as the database server. Local connections use Unix domain sockets. The following per-database authentication options are available:

•    trust—Trust users connecting to this database.

•    password—Require a password of users connecting to this database.

•    crypt—Like password, except send the password in an encrypted manner. This method is more secure than password.

•    reject—Reject all connection requests for this database.

Host and Hostssl

Host and hostssl entries control tcp/ip network access. They include host and netmask fields. These entries support all of the local options, plus the following:

•    ident—Use a remote ident server for authentication.

•    krb4—Use Kerberos IV authentication.

•    krb5—Use Kerberos V authentication.

These entries are effective only if the postmaster uses the -i option. Hostssl controls access via the Secure Socket Layer (SSL) if enabled in the server.

User Mappings

By default, passwords used by password and crypt appear in the pgjhadow table. This table is managed by createuser and ALTER USER.

In addition, password takes an optional argument that specifies a secondary password file which overrides pgjhadow. This file contains user names and passwords of people who are allowed to connect. Using this method, a set of users can be given access to certain databases. See the pg_passwd manual page for more information on creating secondary password files. Currently, crypt does not support secondary password files.

Скачать в pdf «PostgreSQL»