summaryrefslogtreecommitdiffstats
path: root/doc/src/sgml/html/auth-trust.html
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 12:19:15 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 12:19:15 +0000
commit6eb9c5a5657d1fe77b55cc261450f3538d35a94d (patch)
tree657d8194422a5daccecfd42d654b8a245ef7b4c8 /doc/src/sgml/html/auth-trust.html
parentInitial commit. (diff)
downloadpostgresql-13-upstream.tar.xz
postgresql-13-upstream.zip
Adding upstream version 13.4.upstream/13.4upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/src/sgml/html/auth-trust.html')
-rw-r--r--doc/src/sgml/html/auth-trust.html37
1 files changed, 37 insertions, 0 deletions
diff --git a/doc/src/sgml/html/auth-trust.html b/doc/src/sgml/html/auth-trust.html
new file mode 100644
index 0000000..6cb2ec5
--- /dev/null
+++ b/doc/src/sgml/html/auth-trust.html
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>20.4. Trust Authentication</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.79.1" /><link rel="prev" href="auth-methods.html" title="20.3. Authentication Methods" /><link rel="next" href="auth-password.html" title="20.5. Password Authentication" /></head><body id="docContent" class="container-fluid col-10"><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">20.4. Trust Authentication</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="auth-methods.html" title="20.3. Authentication Methods">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="client-authentication.html" title="Chapter 20. Client Authentication">Up</a></td><th width="60%" align="center">Chapter 20. Client Authentication</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 13.4 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="auth-password.html" title="20.5. Password Authentication">Next</a></td></tr></table><hr></hr></div><div class="sect1" id="AUTH-TRUST"><div class="titlepage"><div><div><h2 class="title" style="clear: both">20.4. Trust Authentication</h2></div></div></div><p>
+ When <code class="literal">trust</code> authentication is specified,
+ <span class="productname">PostgreSQL</span> assumes that anyone who can
+ connect to the server is authorized to access the database with
+ whatever database user name they specify (even superuser names).
+ Of course, restrictions made in the <code class="literal">database</code> and
+ <code class="literal">user</code> columns still apply.
+ This method should only be used when there is adequate
+ operating-system-level protection on connections to the server.
+ </p><p>
+ <code class="literal">trust</code> authentication is appropriate and very
+ convenient for local connections on a single-user workstation. It
+ is usually <span class="emphasis"><em>not</em></span> appropriate by itself on a multiuser
+ machine. However, you might be able to use <code class="literal">trust</code> even
+ on a multiuser machine, if you restrict access to the server's
+ Unix-domain socket file using file-system permissions. To do this, set the
+ <code class="varname">unix_socket_permissions</code> (and possibly
+ <code class="varname">unix_socket_group</code>) configuration parameters as
+ described in <a class="xref" href="runtime-config-connection.html" title="19.3. Connections and Authentication">Section 19.3</a>. Or you
+ could set the <code class="varname">unix_socket_directories</code>
+ configuration parameter to place the socket file in a suitably
+ restricted directory.
+ </p><p>
+ Setting file-system permissions only helps for Unix-socket connections.
+ Local TCP/IP connections are not restricted by file-system permissions.
+ Therefore, if you want to use file-system permissions for local security,
+ remove the <code class="literal">host ... 127.0.0.1 ...</code> line from
+ <code class="filename">pg_hba.conf</code>, or change it to a
+ non-<code class="literal">trust</code> authentication method.
+ </p><p>
+ <code class="literal">trust</code> authentication is only suitable for TCP/IP connections
+ if you trust every user on every machine that is allowed to connect
+ to the server by the <code class="filename">pg_hba.conf</code> lines that specify
+ <code class="literal">trust</code>. It is seldom reasonable to use <code class="literal">trust</code>
+ for any TCP/IP connections other than those from <span class="systemitem">localhost</span> (127.0.0.1).
+ </p></div><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navfooter"><hr></hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="auth-methods.html" title="20.3. Authentication Methods">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="client-authentication.html" title="Chapter 20. Client Authentication">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="auth-password.html" title="20.5. Password Authentication">Next</a></td></tr><tr><td width="40%" align="left" valign="top">20.3. Authentication Methods </td><td width="20%" align="center"><a accesskey="h" href="index.html" title="PostgreSQL 13.4 Documentation">Home</a></td><td width="40%" align="right" valign="top"> 20.5. Password Authentication</td></tr></table></div></body></html> \ No newline at end of file