pg_hba.conf and pg_ident.conf

2025-01-16 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

The default content of pg_hba.conf after initialization:

# TYPE  DATABASE        USER            ADDRESS                 METHOD
# "local" is for Unix domain socket connections only
local   all             all                                     trust
# IPv4 local connections:
host    all             all             127.0.0.1/32            trust
# IPv6 local connections:
host    all             all             ::1/128                 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     postgres                                trust
#host    replication     postgres        127.0.0.1/32            trust
#host    replication     postgres        ::1/128                 trust

(1) type defines how the client connects to the database. There are four values:

local: a Unix-domain socket connection

host: a TCP/IP connection, with or without SSL

hostssl: a TCP/IP connection that must use SSL encryption

hostnossl: a TCP/IP connection that does not use SSL encryption

(2) database specifies which databases can be connected to

all matches all databases. To specify multiple databases, separate them with commas.

(3) user specifies which users can connect

all matches all roles. To specify multiple roles, separate them with commas.

(4) address specifies which machines can connect

If type is local, the address field is not written.

For the other types, address can be a hostname, an IP range, or an IP address:

0.0.0.0/0 represents all IP addresses

172.20.143.89/32 allows this IP to log in

10.1.1.0/24 allows the 10.1.1.0 to 10.1.1.255 network segment to log in to the database

(5) method specifies the authentication method for client connections to the database

trust: anyone who knows a database user name can log in without a password or ident. It is recommended not to use it in a production environment.

md5: the common password authentication method. If you don't use ident, you'd better use md5. The password is transmitted to the database in md5 form, which is more secure, and it does not require an operating system user with the same name.

password: the password is sent to the database in clear text; not recommended in a production environment.

ident:

ident is the default local authentication method for PostgreSQL under Linux. Users who can log in to the operating system (note: operating system users, not database users) can use the user mapping to log in to the database without a password.

If the operating system user has no mapping in the pg_ident.conf file, the database user it maps to by default has the same name as the operating system user.

The user mapping file is pg_ident.conf, which records the mapping between operating system users and database users.

For example, there is an operating system user named user1 on the server, and there is also a database user with the same name in the database. After logging in to the operating system, user1 can run psql directly and log in to the database as the user1 database user without a password.

reject: deny authentication

Configure listening address

By default PostgreSQL listens only on the local address

[root@Darren2 postgresql-9.6.3]# netstat -nltup | grep postgres
tcp        0      0 127.0.0.1:5432      0.0.0.0:*      LISTEN      49675/postgres
tcp        0      0 ::1:5432            :::*           LISTEN      49675/postgres

Change the listening address by editing the postgresql.conf file

Darren1:postgres:/usr/local/pgsql/data: > vim postgresql.conf
#listen_addresses = 'localhost'    # what IP address(es) to listen on
listen_addresses = '*'             # what IP address(es) to listen on

[root@Darren2 postgresql-9.6.3]# netstat -nltup | grep postgres
tcp        0      0 0.0.0.0:5432        0.0.0.0:*      LISTEN      50694/postgres
tcp        0      0 :::5432             :::*           LISTEN      50694/postgres

Example:

First create a user cdhu1 that can log in

postgres=# create role cdhu1 password '147258' login;

(1) Modify pg_hba.conf so that clients from any IP can log in, but password verification is required.

host all all 0.0.0.0/0 md5

Darren2:postgres:/usr/local/pgsql/data: > pg_ctl reload
Darren2:postgres:/usr/local/pgsql/data: > psql -h 192.168.163.102 -U postgres -d postgres -W
Password for user postgres: 147258
Darren2:postgres:/usr/local/pgsql/data: > psql -h 192.168.163.102 -U cdhu1 -d postgres -W
Password for user cdhu1: 147258

(2) Clients from 192.168.163.* can log in, but password verification is required.

host all all 192.168.163.0/24 md5

Darren2:postgres:/usr/local/pgsql/data: > pg_ctl reload
Darren2:postgres:/usr/local/pgsql/data: > psql -h 192.168.163.102 -U cdhu1 -d postgres -W
Password for user cdhu1: 147258

(3) Only clients from 192.168.163.101 are allowed to connect to the database, and password verification is required.

host all all 192.168.163.101/32 md5

Darren2:postgres:/usr/local/pgsql/data: > pg_ctl reload

# login succeeded
Darren1:postgres:/usr/local/pgsql/data: > hostname -I
192.168.163.101
Darren1:postgres:/usr/local/pgsql/data: > psql -h 192.168.163.102 -U cdhu1 -d postgres -W
Password for user cdhu1: 147258    # can log in normally

# login failed
Darren2:postgres:/usr/local/pgsql/data: > hostname -I
192.168.163.102
Darren2:postgres:/usr/local/pgsql/data: > psql -h 192.168.163.102 -U cdhu1 -d postgres -W
Password for user cdhu1:
FATAL: no pg_hba.conf entry for host "192.168.163.102", user "cdhu1", database "postgres"
psql: FATAL: no pg_hba.conf entry for host "192.168.163.102", user "cdhu1", database "postgres"

(4) Only clients from 192.168.163.101 are allowed to connect to the database, without password verification.

host all all 192.168.163.101/32 trust

Darren1:postgres:/usr/local/pgsql/data: > psql -h 192.168.163.102 -U cdhu1 -d postgres

(5) If the operating system user has no mapping in the pg_ident.conf file, the database user it maps to by default has the same name as the operating system user.

Darren2:postgres:/usr/local/pgsql/data: > vim pg_ident.conf
mapname1 cdhu1 cdhu1    # by default, the system user maps to the database user of the same name

Darren2:postgres:/usr/local/pgsql/data: > vim pg_hba.conf
local all all ident

[root@Darren2 postgresql-9.6.3]# useradd cdhu1
[root@Darren2 postgresql-9.6.3]# passwd cdhu1

postgres=# create role cdhu1 password '147258' login;

# system user cdhu1, database user cdhu1, you can log in to the database without a password
[root@Darren2 postgresql-9.6.3]# su - cdhu1
[cdhu1@Darren2 ~]$ /usr/local/pgsql/bin/psql -h localhost -U cdhu1 -d postgres
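An added example, not part of the original article: a small Python model of how the server selects a pg_hba.conf record (the first record matching connection type, address, database and user wins; no match gives the "no pg_hba.conf entry" error seen in example (3)), together with an audit that flags trust and password records and records that match every address. The function names and the sample file are constructed for illustration, and the model assumes CIDR addresses and literal or `all` database and user names only.

```python
import ipaddress

# Constructed sample: two default records from the article plus the rule from example (3).
SAMPLE = """
local   all   all                       trust
host    all   all   127.0.0.1/32        trust
host    all   all   192.168.163.101/32  md5
"""

def parse_hba(text):
    """Parse pg_hba.conf text into rule dicts (CIDR addresses only)."""
    rules = []
    for raw in text.splitlines():
        f = raw.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "local":              # local records have no ADDRESS column
            f.insert(3, None)
        typ, db, user, addr, method = f[:5]
        net = ipaddress.ip_network(addr) if addr else None
        rules.append({"type": typ, "db": db.split(","), "user": user.split(","),
                      "net": net, "method": method})
    return rules

def first_match(rules, db, user, client_ip=None, ssl=False):
    """Return the METHOD of the first matching record, or None when the server
    would answer 'no pg_hba.conf entry'. client_ip=None means a Unix socket."""
    for r in rules:
        if client_ip is None:
            if r["type"] != "local":
                continue
        elif (r["type"] == "local"
              or (r["type"] == "hostssl" and not ssl)
              or (r["type"] == "hostnossl" and ssl)
              or ipaddress.ip_address(client_ip) not in r["net"]):
            continue
        if ("all" in r["db"] or db in r["db"]) and ("all" in r["user"] or user in r["user"]):
            return r["method"]
    return None

def audit(rules):
    """Flag methods the article advises against, and records open to every address."""
    findings = []
    for r in rules:
        where = str(r["net"]) if r["net"] else "local"
        if r["method"] in ("trust", "password"):
            findings.append((where, r["method"], "method not recommended in production"))
        if r["net"] is not None and r["net"].prefixlen == 0:
            findings.append((where, r["method"], "matches every address"))
    return findings
```

Running `audit(parse_hba(open("pg_hba.conf").read()))` against a real file lists the records to review before `listen_addresses` is widened beyond localhost.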
