|
1 | 1 | # |
2 | | -# PostgreSQL HOST-BASED ACCESS (HBA) CONTROL FILE |
| 2 | +# PostgreSQL HOST-BASED ACCESS (HBA) CONTROL FILE |
3 | 3 | # |
4 | 4 | # |
5 | 5 | # This file controls: |
|
101 | 101 | # be use only for machines where all users are truested. |
102 | 102 | # |
103 | 103 | # password:Authentication is done by matching a password supplied |
104 | | -#in clear by the host. If no AUTH_ARGUMENT is used, the |
105 | | -#password is compared with the user's entry in the |
106 | | -#pg_shadow table. |
| 104 | +#in clear by the host. If no AUTH_ARGUMENT is used, the |
| 105 | +#password is compared with the user's entry in the |
| 106 | +#pg_shadow table. |
107 | 107 | # |
108 | 108 | # If AUTH_ARGUMENT is specified, the username is looked up |
109 | 109 | # in that file in the $PGDATA directory. If the username |
|
118 | 118 | # passwords. |
119 | 119 | # |
120 | 120 | # crypt: Same as "password", but authentication is done by |
121 | | -#encrypting the password sent over the network. This is |
122 | | -#always preferable to "password" except for old clients |
123 | | -#that don't support "crypt". Also, crypt can use |
124 | | -#usernames stored in secondary password files but not |
125 | | -#secondary passwords. |
126 | | -# |
127 | | -# ident:Authentication is done by the ident server on the local |
128 | | -#or remote host. AUTH_ARGUMENT is required and maps names |
129 | | -#found in the $PGDATA/pg_ident.conf file. Theconnection |
130 | | -#is accepted if the file contains an entry for this map |
131 | | -#name with the ident-supplied username and therequested |
132 | | -#PostgreSQL username. The special map name"sameuser" |
133 | | -#indicates an implied map (not in pg_ident.conf) that |
134 | | -#maps each ident username to the identical PostgreSQL |
| 121 | +#encrypting the password sent over the network. This is |
| 122 | +#always preferable to "password" except for old clients |
| 123 | +#that don't support "crypt". Also, crypt can use |
| 124 | +#usernames stored in secondary password files but not |
| 125 | +#secondary passwords. |
| 126 | +# |
| 127 | +# ident:Authentication is done by the ident server on the local |
| 128 | +#(127.0.0.1)or remote host. AUTH_ARGUMENT is required and |
| 129 | +#maps namesfound in the $PGDATA/pg_ident.conf file. The |
| 130 | +#connectionis accepted if the file contains an entry for |
| 131 | +#this mapname with the ident-supplied username and the |
| 132 | +#requestedPostgreSQL username. The special map name |
| 133 | +#"sameuser"indicates an implied map (not in pg_ident.conf) |
| 134 | +#thatmaps each ident username to the identical PostgreSQL |
135 | 135 | #username. |
136 | 136 | # |
137 | | -# krb4:Kerberos V4 authentication is used. |
| 137 | +# krb4:Kerberos V4 authentication is used. |
138 | 138 | # |
139 | | -# krb5:Kerberos V5 authentication is used. |
| 139 | +# krb5:Kerberos V5 authentication is used. |
140 | 140 | # |
141 | 141 | # reject: Reject the connection. This is used to reject certain hosts |
142 | | -#that are part of a network specified later in the file. |
143 | | -#To be effective, "reject" must appear before the later |
144 | | -#entries. |
| 142 | +#that are part of a network specified later in the file. |
| 143 | +#To be effective, "reject" must appear before the later |
| 144 | +#entries. |
145 | 145 | # |
146 | 146 | # Local UNIX-domain socket connections support only the AUTH_TYPEs of |
147 | 147 | # "trust", "password", "crypt", and "reject". |
|