# Allow any user on the local machine to use Unix domain socket (default for local connection) # connect to any database as any database user ### type Database User CIDR-ADDRESS methodlocal all trust # Same as above, but use loopback) TCP/IP connection # type Database User CIDR-ADDRESS methodhost all 127.0.0.1/32 trust # Same as the above line, however, it uses an independent mask field # type Database User IP-ADDRESS methodhost all 127.0.0.1 255.255.255.255 trust # allow any host whose IP address is 192.168.93.x to be connected to the database # "Postgres, use the same ident as their own host User ID his own # (usually his UNIX username) # type Database User CIDR-ADDRESS methodhost Postgres all 192.168.93.0/24 ident sameuser # Allow users from host 192.168.12.10 to connect to the "Postgres" database, # As long as the user provides the correct password. # Type Database User CIDR-ADDRESS methodhost Postgres all 192.168.12.10/32 MD5 # if there is no other "host" line above, the following two rows reject all connection requests from #192.168.54.1 (because the previous record matches first ), # However, the connection that allows valid Kerberos 5 authentication from any other place on the Internet # The Zero mask indicates that no bit of the Host IP address is considered. So it matches any host: # type Database User CIDR-ADDRESS methodhost all 192.168.54.1/32 rejecthost all 0.0.0.0/0 krb5 # allow any user from 192.168.x.x to connect to any database, as long as they pass the ident check # But if the ident says the user is "bryanh" and he asks to connect to the PostgreSQL user "guest1", # It is only in 'pg _ ident. conf 'contains the oing of "Omicron", which means that "bryanh" can be connected only when # "guest1" is used for join. # Type Database User CIDR-ADDRESS methodhost all 192.168.0.0/16 ident Omicron # If the following are only three rows for local join, then they will allow local users # Only connect to their own databases (the Database Name and database username have the same name), # Only the members in the administrator and role "support, they can connect to any database. # The $ pgdata/admins file lists the usernames that can be connected to all databases. # Password is required in all cases. # Type Database User CIDR-ADDRESS methodlocal sameuser all md5local all @ admins md5local all + support MD5 # the last two lines can be combined into a line of local all @ admins, + support MD5 # The list and file name of the database fields can also be used: Local db1, DB2, @ demodbs all MD5
For more information about ipvssql client authentication, refer:
- PostgreSQL 8.1 Chinese document:20.1.Pg_mirror.confFile
- PostgreSQL 8.1 Chinese document: 20.2. Authentication Method