# PostgreSQL Client Authentication Configuration File

# ===================================================

#

# Refer to the "Client Authentication" section in the

#PostgreSQLdocumentation for a complete description

#of this file. A shortsynopsis follows.

# Refer to the "Client Authentication" section in the PostgreSQL

# documentation for a complete description of this file. A short

# synopsis follows.

#

# This file controls: which hosts are allowed to connect, how clients

# are authenticated, which PostgreSQL user names they can use, which

#

# (The uppercase items must be replaced by actual values.)

#

# The first field is the connection type: "local" is a Unix-domain socket,

# "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an

# SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket.

# The first field is the connection type: "local" is a Unix-domain

# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,

# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a

# plain TCP/IP socket.

#

# DATABASE can be "all", "sameuser", "samerole", "replication",

#adatabase name, or a comma-separated list thereof.

# DATABASE can be "all", "sameuser", "samerole", "replication", a

# database name, or a comma-separated list thereof.

#

# USER can be "all", a user name, a group name prefixed with "+", or

#acomma-separated list thereof. In both the DATABASE and USER fields

# you can also write a file name prefixed with "@" to include names from

# a separate file.

# USER can be "all", a user name, a group name prefixed with "+", or a

# comma-separated list thereof. In both the DATABASE and USER fields

# you can also write a file name prefixed with "@" to include names

#froma separate file.

#

# CIDR-ADDRESS specifies the set of hosts the record matches.

#It ismade up of an IP address and a CIDR mask that is an integer

#(between0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies

#the numberof significant bits in the mask. Alternatively, you can write

#an IPaddress and netmask in separate columns to specify the set of hosts.

# Instead of a CIDR-address, you can write "samehost" to match any of the

# server's own IP addresses, or "samenet" to match any address in any subnet

# that the server is directly connected to.

# CIDR-ADDRESS specifies the set of hosts the record matches. It is

# made up of an IP address and a CIDR mask that is an integer (between

# 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies the number

# of significant bits in the mask. Alternatively, you can write an IP

# address and netmask in separate columns to specify the set of hosts.

# Instead of a CIDR-address, you can write "samehost" to match any of

#theserver's own IP addresses, or "samenet" to match any address in

#any subnetthat the server is directly connected to.

#

# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi", "krb5",

# "ident", "pam", "ldap" or "cert". Note that "password" sends passwords

# in clear text; "md5" is preferred since it sends encrypted passwords.

# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",

# "krb5", "ident", "pam", "ldap" or "cert". Note that "password"

# sends passwords in clear text; "md5" is preferred since it sends

# encrypted passwords.

#

# OPTIONS are a set of options for the authentication in the format

# NAME=VALUE. The available options depend on the different authentication

# methods - refer to the "Client Authentication" section in the documentation

# for a list of which options are available for which authentication methods.

# NAME=VALUE. The available options depend on the different

# authentication methods -- refer to the "Client Authentication"

# section in the documentation for a list of which options are

# available for which authentication methods.

#

# Database and user names containing spaces, commas, quotes and other special

# characters must be quoted. Quoting one of the keywords "all", "sameuser",

# "samerole" or "replication" makes the name lose its special character,

# and just match a database or username with that name.

# Database and user names containing spaces, commas, quotes and other

# special characters must be quoted. Quoting one of the keywords

# "all", "sameuser", "samerole" or "replication" makes the name lose

# its special character, and just match a database or username with

# that name.

#

# This file is read on server startup and when the postmaster receives

# a SIGHUP signal. If you edit the file on a running system, you have

# to SIGHUP the postmaster for the changes to take effect. You can use

# "pg_ctl reload" to do that.

# to SIGHUP the postmaster for the changes to take effect. You can

#use"pg_ctl reload" to do that.

# Put your actual configuration here

# ----------------------------------

#

# If you want to allow non-local connections, you need to add more

# "host" records. In that case you will also need to make PostgreSQL listen

# on a non-local interface via the listen_addresses configuration parameter,

# or via the -i or -h command line switches.

#

# "host" records. In that case you will also need to make PostgreSQL

# listen on a non-local interface via the listen_addresses

# configuration parameter, or via the -i or -h command line switches.

@authcomment@

# PostgreSQL User Name Maps

# =========================

#

# Refer to the PostgreSQL Administrator's Guide, chapter "Client

# Authentication" for a complete description. A short synopsis follows.

# Refer to the PostgreSQL documentation, chapter "Client

# Authentication" for a complete description. A short synopsis

# follows.

#

# This file controls PostgreSQLusernamemapping. It maps

#externaluser names to their corresponding

#PostgreSQL user names. Recordsare of the form:

# This file controls PostgreSQLuser namemapping.It maps external

# user names to their corresponding PostgreSQL user names. Records

# are of the form:

#

# MAPNAME SYSTEM-USERNAME PG-USERNAME

#

# existence of a record specifies that SYSTEM-USERNAME may connect as

# PG-USERNAME.

#

# If SYSTEM-USERNAME starts with a slash (/), it will be treated as

#aregular expression. Optionally this can contain a capture (a

# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a

# regular expression. Optionally this can contain a capture (a

# parenthesized subexpression). The substring matching the capture

# will be substituted for \1 (backslash-one) if present in PG-USERNAME.

# will be substituted for \1 (backslash-one) if present in

# PG-USERNAME.

#

# Multiple maps may be specified in this file and used by pg_hba.conf.

#

# No map names are defined in the default configuration. If all system

# user names and PostgreSQL user names are the same, you don't need

# anything in this file.

# No map names are defined in the default configuration. If all

#systemuser names and PostgreSQL user names are the same, you don't

#needanything in this file.

#

# This file is read on server startup and when the postmaster receives

# a SIGHUP signal. If you edit the file on a running system, you have

# to SIGHUP the postmaster for the changes to take effect. You can use

# "pg_ctl reload" to do that.

# to SIGHUP the postmaster for the changes to take effect. You can

#use"pg_ctl reload" to do that.

# Put your actual configuration here

# ----------------------------------

#defineAUTHTRUST_WARNING \

"# CAUTION: Configuring the system for local \"trust\" authentication allows\n" \

"# any local user to connect as any PostgreSQL user, including the database\n" \

"# superuser. If you do not trust all your local users, use another\n" \

"# authentication method.\n"

"# CAUTION: Configuring the system for local \"trust\" authentication\n" \

"#allowsany local user to connect as any PostgreSQL user, including\n" \

"#the databasesuperuser.If you do not trust all your local users,\n" \

"#use anotherauthentication method.\n"

staticchar*authwarning=NULL;