From: | Moreno Andreo <moreno(dot)andreo(at)evolu-s(dot)it> |
---|---|
To: | pgsql-novice(at)postgresql(dot)org |
Subject: | Re: Postgres authentication to multiple application servers |
Date: | 2017-01-25 10:53:29 |
Message-ID: | 63acdcdf-8976-78e2-118b-6741b882045a@evolu-s.it |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-novice |
Hello Padmini,
Il 25/01/2017 00:35, padmini ha scritto:
> Hi All,
>
> We need to configure Postgres authentication for multiple application
> servers.The application servers are dynamic (Few will be brought down over a
> period and new servers will be added on adhoc basis).Also the servers IPs
> will be changed periodically.
Check if you can group them in a subnet that will not be user for other
purposes...
>
> we cannot add/remove the application ips to pg_hba.conf file frequently as
> it requires restart of Postgres services.
AFAIK it just requires a reload, without restarting server (using a
subnet you have to do it less frequently, however)
>
> Please suggest the best authentication method in this case.We are planning
> to use trust in pg_hba.conf and control the access at db level using
> Username and password.
If I were you, in a production environment I'd *never* use trust level,
even for localhost.
the best thing that comes in my mind is to set a subnet where all
servers (and no one else) will reside and combine it with users, like this
host all user1 192.168.1.0/32 md5
host all user2 192.168.1.0/32 md5
host all user3 192.168.1.0/32 md5
...
and so on.
Best regards,
Moreno
> Can we proceed with it?
>
> Regards,
> Padmini
>
>
>
>
>
> --
> View this message in context: http://postgresql.nabble.com/Postgres-authentication-to-multiple-application-servers-tp5940791.html
> Sent from the PostgreSQL - novice mailing list archive at Nabble.com.
>
>
From | Date | Subject | |
---|---|---|---|
Next Message | David G. Johnston | 2017-01-25 15:29:46 | Re: xpath query |
Previous Message | Wei Shan | 2017-01-25 08:39:08 | Re: Postgres authentication to multiple application servers |