Giriş
Not: postgresql.conf dosyası da bazı ayarları içerir. postgresql.conf hangi ethernet kartının (network card) dinleneceğini belirtilir.
pg_hba.conf "Host Based Authentication" anlamına gelir. Açıklaması şöyle.
This file handles client authentication configuration and controls as per doc "which hosts are allowed to connect, how clients are authenticated, which PostgreSQL user names they can use, which databases they can access". You need to edit this file to enable remote connections. The content is self-explanatory in this file.
Sütun Başlıkları
1. Type
2. Database
3. User
4. Address
5. Method
Her satır 7 tane formattan bir tanesine sahip olabilir. Bu formatlar şöylelocal database user auth-method [auth-options]
host database user address auth-method [auth-options]
hostssl database user address auth-method [auth-options]
hostnossl database user address auth-method [auth-options]
host database user IP-address IP-mask auth-method [auth-options]
hostssl database user IP-address IP-mask auth-method [auth-options]
hostnossl database user IP-address IP-mask auth-method [auth-options]
1. Type Sütunu
local Unix Doman Socket içindir
host IPv4 ve Ipv6 içindir
2. database Sütunu
Açıklaması şöyle
Specifies which database name(s) this record matches. The value all specifies that it matches all databases. The value sameuser specifies that the record matches if the requested database has the same name as the requested user. The valuesamerole specifies that the requested user must be a member of the role with the same name as the requested database. (samegroup is an obsolete but still accepted spelling of samerole.)
3. user Sütunu
Açıklaması şöyle
Specifies which database user name(s) this record matches. The value all specifies that it matches all users.
4. address Sütunu
Açıklaması şöyle
Specifies the client machine address(es) that this record matches. This field can contain either a host name or an IP address range. An IP address range is specified using standard numeric notation for the range’s starting address, then a slash (/) and a CIDR mask length. The mask length indicates the number of high-order bits of the client IP address that must match.
5. auth-method Alanı
Açıklaması şöyle
Specifies the authentication method to use when a connection matches this record. The possible choices are summarized here: https://www.postgresql.org/docs/current/auth-methods.html
Şu değerlerden birini alabilir. Eğer trust ise kullanıcı şifresiz login olur.
trust
reject
md5
password
gss
sspi
krb5
ident
peer
ldap
radius
cert
pam
Örnek
Şöyle yaparız
Örnek#Type DATABASE USER ADDRESS METHOD
#local is for Unix domain socket connections only
local all all trust
#IPv4 local connections
host all all 127.0.0.1/32 trust
#IPv6 local connections
host all all ::1/128 trust
#Allow replication connections from localhost, by a user with
#the replication privilege
local replication all trust
host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust
Şöyle yaparız
# Allow any user from host 192.168.12.10 to connect to database
# "postgres" if the user's password is correctly supplied.
#
# TYPE DATABASE USER ADDRESS METHOD
host postgres all 192.168.12.10/32 scram-sha-256
Örnek
IPv4 ile her yerden bağlantıya izin vermek için bu dosyanın en altına bir satır ekleriz. Şöyle yaparızhost all all 0.0.0.0/0 md5
Örnek
IPv4 ve IPv6 ile her yerden bağlantıya izin vermek için bu dosyanın en altına bir satır ekleriz. Şöyle yaparız
Örnekhost all all 0.0.0.0/0 md5host all all ::/0 md5
Şöyle yaparız
host replication pglogrepl 127.0.0.1/32 md5
Hiç yorum yok:
Yorum Gönder