On Thu, Jan 22, 2004 at 15:33:05 +0100,
Henk van Lingen <henkvl@cs.uu.nl> wrote:
> Hi,
>
> docs say (19.2.1):
>
> When trust authentication is specified, PostgreSQL assumes that anyone who
> can connect to the server is authorized to access the database as whatever
> database user he specifies (including the database superuser). This method
> should only be used when there is adequate operating system-level
> protection on connections to the server.
>
> but nowadays one can specify users in pg_hba.conf, and 19.1 says:
>
> user
>
> Specifies which PostgreSQL users this record matches. The value all
> specifies that it matches all users. Otherwise, this is the name of a
> specific PostgreSQL user. Multiple user names can be supplied by
> separating them with commas. Group names can be specified by preceding
> the group name with +. A file containing user names can be specified by
> preceding the file name with @. The file must be in the same directory
> as pg_hba.conf.
>
> Which of these is right? I hope the last also holds for 'trust' lines?
Both. The second part says that in pg_hba.conf you can say which postgres
users can connect to which databases. The first part says that trust
authentication says that postgres will allow you to be whatever user you
want without having to prove it in any way.