| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869 |
- # pgpool Client Authentication Configuration File
- # ===============================================
- #
- # The format rule in this file follows the rules in the PostgreSQL
- # Administrator's Guide. Refer to chapter "Client Authentication" for a
- # complete description. A short synopsis follows.
- #
- # This file controls: which hosts are allowed to connect, how clients
- # are authenticated, which user names they can use, which databases they
- # can access. Records take one of these forms:
- #
- # local DATABASE USER METHOD [OPTION]
- # host DATABASE USER CIDR-ADDRESS METHOD [OPTION]
- #
- # (The uppercase items must be replaced by actual values.)
- #
- # The first field is the connection type: "local" is a Unix-domain
- # socket, "host" is either a plain or SSL-encrypted TCP/IP socket.
- #
- # DATABASE can be "all", "sameuser", a database name, or a comma-separated
- # list thereof. Note that "samegroup" like in PostgreSQL's pg_hba.conf
- # file is not supported, since pgpool does not know which group a user
- # belongs to. Also note that the database specified here may not exist in
- # the backend PostgreSQL. pgpool will authenticate based on the database's
- # name, not based on whether it exists or not.
- #
- # USER can be "all", a user name, or a comma-separated list thereof. In
- # both the DATABASE and USER fields you can also write a file name prefixed
- # with "@" to include names from a separate file. Note that a group name
- # prefixed with "+" like in PostgreSQL's pg_hba.conf file is not supported
- # because of the same reason as "samegroup" token. Also note that a user
- # name specified here may not exist in the backend PostgreSQL. pgpool will
- # authenticate based on the user's name, not based on whether he/she exists.
- #
- # CIDR-ADDRESS specifies the set of hosts the record matches.
- # It is made up of an IP address and a CIDR mask that is an integer
- # (between 0 and 32 (IPv4) that specifies the number of significant bits in
- # the mask. Alternatively, you can write an IP address and netmask in
- # separate columns to specify the set of hosts.
- #
- # METHOD can be "trust", "reject", "md5" or "pam". Note that "pam" sends passwords
- # in clear text.
- #
- # OPTION is the name of the PAM service. Default service name is "pgpool"
- #
- # Database and user names containing spaces, commas, quotes and other special
- # characters must be quoted. Quoting one of the keywords "all" or "sameuser"
- # makes the name lose its special character, and just match a database or
- # username with that name.
- #
- # This file is read on pgpool startup. If you edit the file on a running
- # system, you have to restart the pgpool for the changes to take effect.
- # Put your actual configuration here
- # ----------------------------------
- #
- # If you want to allow non-local connections, you need to add more
- # "host" records. In that case you will also need to make pgpool listen
- # on a non-local interface via the listen_addresses configuration parameter.
- #
- # TYPE DATABASE USER CIDR-ADDRESS METHOD
- # "local" is for Unix domain socket connections only
- local all all trust
- # IPv4 local connections:
- host all all 127.0.0.1/32 trust
- host all all ::1/128 trust
- host all all 172.20.0.0/24 trust
|
