2 # Example Postgres95 host access control file.
5 # This file controls what hosts are allowed to connect to what databases
6 # and specifies some options on how users on a particular host are identified.
8 # Each line (terminated by a newline character) is a record. A record cannot
9 # be continued across two lines.
11 # There are 3 kinds of records:
13 # 1) comment: Starts with #.
15 # 2) empty: Contains nothing excepting spaces and tabs.
17 # 3) content: anything else.
19 # Unless specified otherwise, "record" from here on means a content
22 # A record consists of tokens separated by spaces or tabs. Spaces and
23 # tabs at the beginning and end of a record are ignored as are extra
24 # spaces and tabs between two tokens.
26 # The first token in a record is the record type. The interpretation of the
27 # rest of the record depends on the record type.
32 # This record identifies a set of hosts that are permitted to connect to
33 # databases. No hosts are permitted to connect except as specified by a
38 # host DBNAME IP_ADDRESS ADDRESS_MASK USERAUTH [MAP]
40 # DBNAME is the name of a Postgres database, or "all" to indicate all
43 # IP_ADDRESS and ADDRESS_MASK are a standard dotted decimal IP address and
44 # mask to identify a set of hosts. These hosts are allowed to connect to
47 # USERAUTH is a keyword indicating the method used to authenticate the
48 # user, i.e. to determine that the principal is authorized to connect
49 # under the Postgres username he supplies in his connection parameters.
51 # ident: Authentication is done by the ident server on the remote
52 # host, via the ident (RFC 1413) protocol.
54 # trust: No authentication is done. Trust that the user has the
55 # authority to user whatever username he says he does.
56 # Before Postgres Version 6, all authentication was this way.
58 # MAP is the name of a map that matches an authenticated principal with
59 # a Postgres username. If USERNAME is "trust", this value is ignored and
62 # In the case of USERAUTH=ident, this is a map name to be found in the
63 # pg_ident.conf file. That table maps from ident usernames to Postgres
64 # usernames. The special map name "sameuser" indicates an implied map
65 # (not found in pg_ident.conf) that maps every ident username to the identical
69 # For backwards compatibility, PostgreSQL also accepts pre-Version 6 records,
72 # all 127.0.0.1 0.0.0.0
76 # TYPE DATABASE IP_ADDRESS MASK USERAUTH MAP
78 host all 127.0.0.1 255.255.255.255 trust
80 # The above allows any user on the local system to connect to any database
83 #host template1 192.168.0.0 255.255.255.0 ident sameuser
85 # The above allows any user from any host with IP address 192.168.0.x to
86 # connect to database template1 as the same username that ident on that host
87 # identifies him as (typically his Unix username).
89 #host all 0.0.0.0 0.0.0.0 trust
91 # The above would allow anyone anywhere to connect to any database under
94 #host all 192.168.0.0 255.255.255.0 ident omicron
96 # The above would allow users from 192.168.0.x hosts to connect to any
97 # database, but if e.g. Ident says the user is "bryanh" and he requests to
98 # connect as Postgres user "guest1", the connection is only allowed if
99 # there is an entry for map "omicron" in pg_ident.conf that says "bryanh" is
100 # allowed to connect as "guest1".