# pgpool Client Authentication Configuration File # =============================================== # # The format rule in this file follows the rules in the PostgreSQL # Administrator's Guide. Refer to chapter "Client Authentication" for a # complete description. A short synopsis follows. # # This file controls: which hosts are allowed to connect, how clients # are authenticated, which user names they can use, which databases they # can access. Records take one of these forms: # # local DATABASE USER METHOD [OPTION] # host DATABASE USER CIDR-ADDRESS METHOD [OPTION] # # (The uppercase items must be replaced by actual values.) # # The first field is the connection type: "local" is a Unix-domain # socket, "host" is either a plain or SSL-encrypted TCP/IP socket. # # DATABASE can be "all", "sameuser", a database name, or a comma-separated # list thereof. Note that "samegroup" like in PostgreSQL's pg_hba.conf # file is not supported, since pgpool does not know which group a user # belongs to. Also note that the database specified here may not exist in # the backend PostgreSQL. pgpool will authenticate based on the database's # name, not based on whether it exists or not. # # USER can be "all", a user name, or a comma-separated list thereof. In # both the DATABASE and USER fields you can also write a file name prefixed # with "@" to include names from a separate file. Note that a group name # prefixed with "+" like in PostgreSQL's pg_hba.conf file is not supported # because of the same reason as "samegroup" token. Also note that a user # name specified here may not exist in the backend PostgreSQL. pgpool will # authenticate based on the user's name, not based on whether he/she exists. # # CIDR-ADDRESS specifies the set of hosts the record matches. # It is made up of an IP address and a CIDR mask that is an integer # (between 0 and 32 (IPv4) that specifies the number of significant bits in # the mask. Alternatively, you can write an IP address and netmask in # separate columns to specify the set of hosts. # # METHOD can be "trust", "reject", "md5" or "pam". Note that "pam" sends passwords # in clear text. # # OPTION is the name of the PAM service. Default service name is "pgpool" # # Database and user names containing spaces, commas, quotes and other special # characters must be quoted. Quoting one of the keywords "all" or "sameuser" # makes the name lose its special character, and just match a database or # username with that name. # # This file is read on pgpool startup. If you edit the file on a running # system, you have to restart the pgpool for the changes to take effect. # Put your actual configuration here # ---------------------------------- # # If you want to allow non-local connections, you need to add more # "host" records. In that case you will also need to make pgpool listen # on a non-local interface via the listen_addresses configuration parameter. # # TYPE DATABASE USER CIDR-ADDRESS METHOD # "local" is for Unix domain socket connections only local all all trust # IPv4 local connections: host all all 127.0.0.1/32 trust host all all ::1/128 trust