# PostgreSQL Client Authentication Configuration File # =================================================== # # Refer to the PostgreSQL Administrator's Guide, chapter "Client # Authentication" for a complete description. A short synopsis # follows. # # This file controls: which hosts are allowed to connect, how clients # are authenticated, which PostgreSQL user names they can use, which # databases they can access. Records take one of three forms: # # local DATABASE USER METHOD [OPTION] # host DATABASE USER IP-ADDRESS IP-MASK METHOD [OPTION] # hostssl DATABASE USER IP-ADDRESS IP-MASK METHOD [OPTION] # # (The uppercase quantities should be replaced by actual values.) # DATABASE can be "all", "sameuser", "samegroup", a database name (or # a comma-separated list thereof), or a file name prefixed with "@". # USER can be "all", an actual user name or a group name prefixed with # "+" or a list containing either. IP-ADDRESS and IP-MASK specify the # set of hosts the record matches. METHOD can be "trust", "reject", # "md5", "crypt", "password", "krb4", "krb5", "ident", or "pam". Note # that "password" uses clear-text passwords; "md5" is preferred for # encrypted passwords. OPTION is the ident map or the name of the PAM # service. # # This file is read on server startup and when the postmaster receives # a SIGHUP signal. If you edit the file on a running system, you have # to SIGHUP the postmaster for the changes to take effect, or use # "pg_ctl reload". # Put your actual configuration here # ---------------------------------- # # CAUTION: The default configuration allows any local user to connect # using any PostgreSQL user name, including the superuser, over either # Unix-domain sockets or TCP/IP. If you are on a multiple-user # machine, the default configuration is probably too liberal for you. # Change it to use something other than "trust" authentication. # # If you want to allow non-local connections, you need to add more # "host" records. Also, remember TCP/IP connections are only enabled # if you enable "tcpip_socket" in postgresql.conf. # TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD #local all all trust #host all all 127.0.0.1 255.255.255.255 trust # Using sockets credentials for improved security. Not available everywhere, # but works on Linux, *BSD (and probably some others) local all all ident sameuser host all all 10.69.102.0 255.255.255.0 trust host all all 10.29.15.0 255.255.255.0 trust host all all 10.146.101.0 255.255.255.0 trust