Introduction to pg_hba.conf, the PG Firewall Configuration File
Tags: PG architecture, pg_hba.conf, parameter files
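Note: the firewall file $PGDATA/pg_hba.conf and the password file ~/.pgpass are evaluated in this order: the connection is first checked against pg_hba.conf, and the .pgpass file is consulted only if a password is then required.
This file is located in the data directory created when the database was initialized, for example /var/lib/pgsql/11/data/pg_hba.conf. A configuration example follows: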
```
cat << EOF > /var/lib/pgsql/11/data/pg_hba.conf
# TYPE  DATABASE        USER    ADDRESS         METHOD
local   all             all                     trust
host    all             all     ::1/128         trust
host    all             all     127.0.0.1/32    trust
host    all             all     0.0.0.0/0       md5
host    replication     all     0.0.0.0/0       md5
EOF
```

For remote access, you can also simply add this line:

```
host    all             all     all             md5
```
The contents of this file can be queried through the view pg_hba_file_rules (added in PG 10). After modifying pg_hba.conf, run pg_ctl reload so that the server re-reads the file.
```
postgres=# select * from pg_hba_file_rules;
 line_number | type  |   database    | user_name |  address  |                 netmask                 | auth_method | options | error
-------------+-------+---------------+-----------+-----------+-----------------------------------------+-------------+---------+-------
           2 | local | {all}         | {all}     |           |                                         | trust       |         |
           3 | host  | {all}         | {all}     | ::1       | ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff | trust       |         |
           4 | host  | {all}         | {all}     | 127.0.0.1 | 255.255.255.255                         | trust       |         |
           5 | host  | {all}         | {all}     | 0.0.0.0   | 0.0.0.0                                 | md5         |         |
           6 | host  | {replication} | {all}     | 0.0.0.0   | 0.0.0.0                                 | md5         |         |
(5 rows)
```
Each line has the following format:
connection type, database to connect to, connecting user, client host IP, authentication method
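The five-column line format above is enough to review a pg_hba.conf file mechanically. The following is an added example, not part of the original page: a small Python audit that parses rule lines and flags `trust` rules, `md5`/`password` rules, and addresses with no network restriction. The function names and finding texts are hypothetical, and the parser assumes simple unquoted fields with CIDR or keyword addresses.

```python
import ipaddress

# Constructed sample: the rules from the configuration example on this page,
# plus the optional "host all all all md5" line.
SAMPLE = """\
# TYPE  DATABASE     USER  ADDRESS        METHOD
local   all          all                  trust
host    all          all   ::1/128        trust
host    all          all   127.0.0.1/32   trust
host    all          all   0.0.0.0/0      md5
host    replication  all   0.0.0.0/0      md5
host    all          all   all            md5
"""

def parse_rules(text):
    """Yield (line_number, type, database, user, address, method) per rule."""
    # Assumption: unquoted fields, CIDR or keyword addresses (no netmask column).
    for num, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue                      # blank line or comment
        if fields[0] == "local":          # local rules have no ADDRESS column
            typ, db, user, method = fields[:4]
            addr = None
        else:
            typ, db, user, addr, method = fields[:5]
        yield num, typ, db, user, addr, method

def is_wide_open(addr):
    """True if ADDRESS places no network restriction (all, or a /0 prefix)."""
    if addr == "all":
        return True
    try:
        return ipaddress.ip_network(addr, strict=False).prefixlen == 0
    except ValueError:                    # host name, samehost, samenet
        return False

def audit(text):
    """Return (line_number, finding) pairs for rules worth a second look."""
    findings = []
    for num, typ, db, user, addr, method in parse_rules(text):
        if method == "trust":
            findings.append((num, "trust: no password is checked"))
        if method in ("md5", "password"):
            findings.append((num, f"{method}: weaker than scram-sha-256"))
        if addr is not None and is_wide_open(addr):
            findings.append((num, f"address {addr}: no network restriction"))
    return findings
```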