1# pgpool Client Authentication Configuration File
2# ===============================================
3#
4# The format rule in this file follows the rules in the PostgreSQL
5# Administrator's Guide. Refer to chapter "Client Authentication" for a
6# complete description.  A short synopsis follows.
7#
8# This file controls: which hosts are allowed to connect, how clients
9# are authenticated, which user names they can use, which databases they
10# can access.  Records take one of these forms:
11#
12# local      DATABASE  USER  METHOD  [OPTION]
13# host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
14# hostssl    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
15# hostnossl  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
16#
17# (The uppercase items must be replaced by actual values.)
18#
19# The first field is the connection type: "local" is a Unix-domain
20# socket, "host" is either a plain or SSL-encrypted TCP/IP socket.
21# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
22# plain TCP/IP socket.
23#
24# DATABASE can be "all", "sameuser", a database name, or a comma-separated
25# list thereof. Note that "samegroup" like in PostgreSQL's pg_hba.conf
26# file is not supported, since pgpool does not know which group a user
27# belongs to. Also note that the database specified here may not exist in
28# the backend PostgreSQL. pgpool will authenticate based on the database's
29# name, not based on whether it exists or not.
30#
31# USER can be "all", a user name, or a comma-separated list thereof.  In
32# both the DATABASE and USER fields you can also write a file name prefixed
33# with "@" to include names from a separate file. Note that a group name
34# prefixed with "+" like in PostgreSQL's pg_hba.conf file is not supported
35# because of the same reason as "samegroup" token. Also note that a user
36# name specified here may not exist in the backend PostgreSQL. pgpool will
37# authenticate based on the user's name, not based on whether he/she exists.
38#
39# CIDR-ADDRESS specifies the set of hosts the record matches.
40# It is made up of an IP address and a CIDR mask that is an integer
41# (between 0 and 32 (IPv4) that specifies the number of significant bits in
42# the mask.  Alternatively, you can write an IP address and netmask in
43# separate columns to specify the set of hosts.
44#
45# METHOD can be "trust", "reject", "md5" or "pam".  Note that "pam" sends passwords
46# in clear text.
47#
48# OPTION is the name of the PAM service. Default service name is "pgpool"
49#
50# Database and user names containing spaces, commas, quotes and other special
51# characters must be quoted. Quoting one of the keywords "all" or "sameuser"
52# makes the name lose its special character, and just match a database or
53# username with that name.
54#
55# This file is read on pgpool startup.  If you edit the file on a running
56# system, you have to restart the pgpool  for the changes to take effect.
57
58# Put your actual configuration here
59# ----------------------------------
60#
61# If you want to allow non-local connections, you need to add more
62# "host" records. In that case you will also need to make pgpool listen
63# on a non-local interface via the listen_addresses configuration parameter.
64#
65
66# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
67
68# "local" is for Unix domain socket connections only
69local   all         all                               trust
70# IPv4 local connections:
71host    all         all         127.0.0.1/32          trust
72host    all         all         ::1/128               trust
73