Home > mailing lists

Re: Postgres Pain Points: 1 pg_hba conf - Mailing list pgsql-general

From	John R Pierce
Subject	Re: Postgres Pain Points: 1 pg_hba conf
Date	August 12, 2016 00:19:20
Msg-id	66353cd6-e5fd-7a0a-a79c-9e6c7c571f0a@hogranch.com Whole thread Raw
In response to	Re: Postgres Pain Points: 1 pg_hba conf (Jeff Janes <jeff.janes@gmail.com>)
List	pgsql-general

Tree view

On 8/11/2016 1:48 PM, Jeff Janes wrote:

#1) pg_hba conf
> Out of the box the md5 setting blocks access.

That depends on which box you got it out of.  If you compile the
source yourself, its default settings are 'trust', not 'md5'.

If you get it from a repository, it is up to the repository's policies
and/or the packager's tastes to decide what defaults to use.

In my hands, md5 blocks access exactly when it should, when the user
fails to provide the valid password.

my defacto pg_hba.conf reads like this...

local    all    all                      peer
host    all    all 127.0.0.0/8 md5
host    all    all ::1                   md5
# host all all xxx.yyy.zzz.0/24 md5      ## uncomment and adjust hostmask to suit LAN client addresses

with this setup, if user X runs psql with no arguments, it authenticates them as sql user X. if user X wants to connect to postgres as sql user Y, then `psql -h localhost -U Y ...` (or equivalent in whatever API) and use the sql Y role password to authenticate.

-- 
john r pierce, recycling bits in santa cruz

pgsql-general by date:

From: Melvin Davidson
Date: 11 August 2016, 23:55:07
Subject: Re: Postgres Pain Points 2 ruby / node language drivers

From: Merlin Moncure
Date: 12 August 2016, 01:20:06
Subject: Re: Any reasons for 'DO' statement not returning result?

Re: Postgres Pain Points: 1 pg_hba conf - Mailing list pgsql-general

Previous

Next