Re: Postgres authentication to multiple application servers

Hello Padmini,

Il 25/01/2017 00:35, padmini ha scritto:
> Hi All,
>
> We need to configure Postgres authentication for multiple application
> servers.The application servers are dynamic (Few will be brought down over a
> period and new servers will be added on adhoc basis).Also the servers IPs
> will be changed periodically.
Check if you can group them in a subnet that will not be user for other
purposes...
>
> we cannot add/remove the application ips to pg_hba.conf file frequently as
> it requires restart of Postgres services.
AFAIK it just requires a reload, without restarting server (using a
subnet you have to do it less frequently, however)
>
> Please suggest the best authentication method in this case.We are planning
> to use trust in pg_hba.conf and control the access at db level using
> Username and password.
If I were you, in a production environment I'd *never* use trust level,
even for localhost.
the best thing that comes in my mind is to set a subnet where all
servers (and no one else) will reside and combine it with users, like this

host all user1 192.168.1.0/32 md5
host all user2 192.168.1.0/32 md5
host all user3 192.168.1.0/32 md5
...
and so on.

Best regards,
Moreno

> Can we proceed with it?
>
> Regards,
> Padmini
>
>
>
>
>
> --
> View this message in context: http://postgresql.nabble.com/Postgres-authentication-to-multiple-application-servers-tp5940791.html
> Sent from the PostgreSQL - novice mailing list archive at Nabble.com.
>
>