<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>20.4. Trust Authentication</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.79.1" /><link rel="prev" href="auth-methods.html" title="20.3. Authentication Methods" /><link rel="next" href="auth-password.html" title="20.5. Password Authentication" /></head><body><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">20.4. Trust Authentication</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="auth-methods.html" title="20.3. Authentication Methods">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="client-authentication.html" title="Chapter 20. Client Authentication">Up</a></td><th width="60%" align="center">Chapter 20. Client Authentication</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 12.4 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="auth-password.html" title="20.5. Password Authentication">Next</a></td></tr></table><hr></hr></div><div class="sect1" id="AUTH-TRUST"><div class="titlepage"><div><div><h2 class="title" style="clear: both">20.4. Trust Authentication</h2></div></div></div><p>
When <code class="literal">trust</code> authentication is specified,
<span class="productname">PostgreSQL</span> assumes that anyone who can
connect to the server is authorized to access the database with
whatever database user name they specify (even superuser names).
Of course, restrictions made in the <code class="literal">database</code> and
<code class="literal">user</code> columns still apply.
This method should only be used when there is adequate
operating-system-level protection on connections to the server.
</p><p>
<code class="literal">trust</code> authentication is appropriate and very
convenient for local connections on a single-user workstation. It
is usually <span class="emphasis"><em>not</em></span> appropriate by itself on a multiuser
machine. However, you might be able to use <code class="literal">trust</code> even
on a multiuser machine, if you restrict access to the server's
Unix-domain socket file using file-system permissions. To do this, set the
<code class="varname">unix_socket_permissions</code> (and possibly
<code class="varname">unix_socket_group</code>) configuration parameters as
described in <a class="xref" href="runtime-config-connection.html" title="19.3. Connections and Authentication">Section 19.3</a>. Or you
could set the <code class="varname">unix_socket_directories</code>
configuration parameter to place the socket file in a suitably
restricted directory.
</p><p>
Setting file-system permissions only helps for Unix-socket connections.
Local TCP/IP connections are not restricted by file-system permissions.
Therefore, if you want to use file-system permissions for local security,
remove the <code class="literal">host ... 127.0.0.1 ...</code> line from
<code class="filename">pg_hba.conf</code>, or change it to a
non-<code class="literal">trust</code> authentication method.
</p><p>
<code class="literal">trust</code> authentication is only suitable for TCP/IP connections
if you trust every user on every machine that is allowed to connect
to the server by the <code class="filename">pg_hba.conf</code> lines that specify
<code class="literal">trust</code>. It is seldom reasonable to use <code class="literal">trust</code>
for any TCP/IP connections other than those from <span class="systemitem">localhost</span> (127.0.0.1).
</p></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="auth-methods.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="client-authentication.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="auth-password.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">20.3. Authentication Methods </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 20.5. Password Authentication</td></tr></table></div></body></html>
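Added example, not part of the PostgreSQL documentation: a small audit that lists every pg_hba.conf record using trust and sorts it into the three cases the section distinguishes (Unix socket, loopback TCP/IP, any other TCP/IP). The function names, finding labels and sample file are constructed for illustration; it assumes unquoted fields, and host names and keywords such as all or samehost are not resolved, so they are reported as tcp-other.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def _range_is_loopback(cidr):
    """True only if the whole range is loopback; names and keywords are not."""
    try:
        net = ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        return False  # host name, "all", "samehost", "samenet"
    return net.network_address.is_loopback and net.broadcast_address.is_loopback

def audit_trust(hba_text):
    """Return (line number, finding, record) for each record that uses trust."""
    findings = []
    for lineno, raw in enumerate(hba_text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "local" and len(f) >= 4:
            # local db user method: safe only if socket permissions are restricted
            method, finding = f[3], "unix-socket"
        elif f[0] in HOST_TYPES and len(f) >= 5:
            # host db user address method, or host db user ip mask method
            has_mask = len(f) >= 6 and _is_ip(f[4])
            method = f[5] if has_mask else f[4]
            cidr = f"{f[3]}/{f[4]}" if has_mask else f[3]
            # loopback TCP is not protected by file-system permissions
            finding = "tcp-loopback" if _range_is_loopback(cidr) else "tcp-other"
        else:
            continue
        if method == "trust":
            findings.append((lineno, finding, " ".join(f)))
    return findings

SAMPLE_HBA = """\
# constructed sample, not from a real server
local   all   all                             trust
host    all   all   127.0.0.1/32              trust
host    all   all   ::1/128                   scram-sha-256
host    all   all   192.168.0.0  255.255.0.0  trust
host    all   all   0.0.0.0/0                 trust
"""
```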