1# pgpool Client Authentication Configuration File 2# =============================================== 3# 4# The format rule in this file follows the rules in the PostgreSQL 5# Administrator's Guide. Refer to chapter "Client Authentication" for a 6# complete description. A short synopsis follows. 7# 8# This file controls: which hosts are allowed to connect, how clients 9# are authenticated, which user names they can use, which databases they 10# can access. Records take one of these forms: 11# 12# local DATABASE USER METHOD [OPTION] 13# host DATABASE USER ADDRESS METHOD [OPTIONS] 14# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] 15# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] 16# 17# (The uppercase items must be replaced by actual values.) 18# 19# The first field is the connection type: "local" is a Unix-domain 20# socket, "host" is either a plain or SSL-encrypted TCP/IP socket. 21# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a 22# plain TCP/IP socket. 23# 24# DATABASE can be "all", "sameuser", a database name, or a comma-separated 25# list thereof. Note that "samegroup" like in PostgreSQL's pg_hba.conf 26# file is not supported, since pgpool does not know which group a user 27# belongs to. Also note that the database specified here may not exist in 28# the backend PostgreSQL. pgpool will authenticate based on the database's 29# name, not based on whether it exists or not. 30# 31# USER can be "all", a user name, or a comma-separated list thereof. In 32# both the DATABASE and USER fields you can also write a file name prefixed 33# with "@" to include names from a separate file. Note that a group name 34# prefixed with "+" like in PostgreSQL's pg_hba.conf file is not supported 35# because of the same reason as "samegroup" token. Also note that a user 36# name specified here may not exist in the backend PostgreSQL. pgpool will 37# authenticate based on the user's name, not based on whether he/she exists. 38# 39# CIDR-ADDRESS specifies the set of hosts the record matches. 40# It is made up of an IP address and a CIDR mask that is an integer 41# (between 0 and 32 (IPv4) that specifies the number of significant bits in 42# the mask. Alternatively, you can write an IP address and netmask in 43# separate columns to specify the set of hosts. 44# 45# METHOD can be "trust", "reject", "md5" or "pam". Note that "pam" sends passwords 46# in clear text. 47# 48# OPTION is the name of the PAM service. Default service name is "pgpool" 49# 50# Database and user names containing spaces, commas, quotes and other special 51# characters must be quoted. Quoting one of the keywords "all" or "sameuser" 52# makes the name lose its special character, and just match a database or 53# username with that name. 54# 55# This file is read on pgpool startup. If you edit the file on a running 56# system, you have to restart the pgpool for the changes to take effect. 57 58# Put your actual configuration here 59# ---------------------------------- 60# 61# If you want to allow non-local connections, you need to add more 62# "host" records. In that case you will also need to make pgpool listen 63# on a non-local interface via the listen_addresses configuration parameter. 64# 65 66# TYPE DATABASE USER CIDR-ADDRESS METHOD 67 68# "local" is for Unix domain socket connections only 69local all all trust 70# IPv4 local connections: 71host all all 127.0.0.1/32 trust 72host all all ::1/128 trust 73