2008/10/13 13:50 Voice Portal/Database

[postgres]what is pg_hba.conf file?

크리에이티브 커먼즈 라이선스
Creative Commons License

The pg_hba.conf file

We mentioned earlier in this section that the pg_hba.conf file enables client authentication between the PostgreSQL server and the client application. This file consists of a series of entries, which define a host and its associated permissions (e.g., the database it is allowed to connect to, the authentication method to use, and so on).

When an application requests a connection, the request will specify a PostgreSQL username and database with which it intends to connect to PostgreSQL. Optionally, a password may be provided, depending on the expected configuration for the connecting host.

Note: PostgreSQL has its own user and password tables, which are separate from system accounts. It is not required that your PostgreSQL users match users available to the operating system.

When PostgreSQL receives a connection request it will check the pg_hba.conf file to verify that the machine from which the application is requesting a connection has rights to connect to the specified database. If the machine requesting access has permission to connect, PostgreSQL will check the conditions that the application must meet in order to successfully authenticate. This affects connections that are initiated locally as well as remotely.

PostgreSQL will check the authentication method via the pg_hba.conf for every connection request. This check is performed every time a new connection is requested from the PostgreSQL server, so there is no need to re-start PostgreSQL after you add, modify or remove an entry in the pg_hba.conf file. Example 8-1 is a simple example of the pg_hba.conf file.

Example 8-1. A simple pg_hba.conf file

#                   PostgreSQL HOST ACCESS CONTROL FILE
#

local  all                                          trust
host   all        127.0.0.1      255.255.255.255    trust
host   booktown   192.168.1.3    255.255.255.255    ident    sales
host   all        192.168.1.4    255.255.255.255    ident    audit

When a connection is initialized, PostgreSQL will read through the pg_hba.conf one entry at a time, from the top down. As soon a matching record is found, PostgreSQL will stop searching and allow or reject the connection, based on the found entry. If PostgreSQL does not find a matching entry in the pg_hba.conf file, the connection fails completely.

Table-level permissions still apply to a database, even if a user has permissions to connect to the database. If you can connect, but cannot select data from a table, you may want to verify that your connected user has permission to use SELECT on that table. Using the psql command-line application, you can check the permissions of the tables within a database by using the \z slash command. From any other interface to PostgreSQL, use the query demonstrated in Example 8-2 to see the same information provided by the \z slash command.


for more detailed..

http://www.faqs.org/docs/ppbook/c15679.htm

'Voice Portal > Database' 카테고리의 다른 글

JNDI Datasource - 간략히 정리  (1) 2008/11/18
SQLite3 설치  (0) 2008/11/07
각 DB의 JDBC 드라이버 다운로드  (0) 2008/10/14
각 Database별 JDBC 드라이버 설정  (0) 2008/10/13
[postgres]what is pg_hba.conf file?  (1) 2008/10/13
SQL 쿼리 문 사용하기  (0) 2008/01/12
posted by 조금까칠한남자
TAG , ,
Trackback 0 Comment 1