Index: doc/src/sgml/client-auth.sgml
===================================================================
RCS file: /cvsroot/pgsql-server/doc/src/sgml/client-auth.sgml,v
retrieving revision 1.65
diff -c -c -r1.65 client-auth.sgml
*** doc/src/sgml/client-auth.sgml 23 Mar 2004 01:23:48 -0000 1.65
--- doc/src/sgml/client-auth.sgml 26 Aug 2004 16:11:06 -0000
***************
*** 86,97 ****
A record may have one of the seven formats
local database user authentication-method authentication-option
host database user IP-address IP-mask authentication-method authentication-option
hostssl database user IP-address IP-mask authentication-method authentication-option
hostnossl database user IP-address IP-mask authentication-method authentication-option
- host database user IP-address/IP-masklen authentication-method authentication-option
- hostssl database user IP-address/IP-masklen authentication-method authentication-option
- hostnossl database user IP-address/IP-masklen authentication-method authentication-option
The meaning of the fields is as follows:
--- 86,97 ----
A record may have one of the seven formats
local database user authentication-method authentication-option
+ host database user CIDR-address authentication-method authentication-option
+ hostssl database user CIDR-address authentication-method authentication-option
+ hostnossl database user CIDR-address authentication-method authentication-option
host database user IP-address IP-mask authentication-method authentication-option
hostssl database user IP-address IP-mask authentication-method authentication-option
hostnossl database user IP-address IP-mask authentication-method authentication-option
The meaning of the fields is as follows:
***************
*** 196,214 ****
! IP-address
! IP-mask
! These two fields contain IP address and mask values in standard
! dotted decimal notation. (IP addresses can only be specified
! numerically, not as domain or host names.) Taken together they
! specify the client machine IP addresses that this record
! matches. The precise logic is that
!
! (actual-IP-address xor IP-address-field) and IP-mask-field
!
! must be zero for the record to match.
--- 196,218 ----
! CIDR-address
! specifies the client machine IP addresses that this record
! matches. It contains an IP address in standard dotted decimal
! notation and a CIDR mask length. (IP addresses can only be
! specified numerically, not as domain or host names.) For example,
! an IPv4 CIDR mask of 8 is equivalent to an IP mask of 255.0.0.0,
! an IPv6 CIDR mask of 64 is equivalent to an IP mask of
! ffff:ffff:ffff:ffff::. A IPv4 CIDR mask of 32 is used for single
! hosts.
!
!
!
! A typical CIDR address is 172.20.143.89/32.
! There should be no white space between the IP address, the
! /, and the CIDR mask length.
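Review bot: The new CIDR-address entry drops the precise matching rule that the old text spelled out ("(actual-IP-address xor IP-address-field) and IP-mask-field must be zero"), yet the next hunk still says "The same matching logic is used", so readers no longer have a definition to refer back to. Keep one sentence stating how the address and the mask length are compared. In the same paragraph, "A IPv4 CIDR mask of 32" should read "An IPv4", the two equivalence examples are joined by a bare comma where "and" or a sentence break is needed, and "standard dotted decimal notation" describes only IPv4 although the example that follows covers IPv6.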
***************
*** 229,254 ****
IP-masklen
! This field may be used as an alternative to the
! IP-mask notation. It is an integer
! specifying the number of high-order bits to set in the mask.
! The number must be between 0 and 32 (in the case of an IPv4
! address) or 128 (in the case of an IPv6 address) inclusive. 0
! will match any address, while 32 (or 128, respectively) will
! match only the exact host specified. The same matching logic
! is used as for a dotted notation
! IP-mask.
!
!
!
! There must be no white space between the
! IP-address and the
! / or the / and the
! IP-masklen, or the file will not be
! parsed correctly.
--- 233,249 ----
+ IP-address
IP-masklen
! This may be used as an alternative to the
! CIDR-address notation. Instead of
! specifying the mask length, the actual mask is specified in a
! separate column. For example, 255.0.0.0 represents a IPv4 CIDR
! mask length of 8, and 255.255.255.255 represents a CIDR mask
! length of 32. The same matching logic is used as for a dotted
! notation IP-mask.
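Review bot: The term list in the new version reads "IP-address" followed by the unchanged context line "IP-masklen", but the body now describes a separate mask column, so the second term should be "IP-mask". The closing sentence "The same matching logic is used as for a dotted notation IP-mask" has become self-referential, since this entry is the dotted-notation form; point it at CIDR-address instead. The removed text also stated the valid range (0 to 32, or 128 for IPv6) and that 0 matches any address; neither fact appears in the replacement or in the new CIDR-address entry. "a IPv4" should be "an IPv4".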
***************
*** 458,493 ****
# any user name using Unix-domain sockets (the default for local
# connections).
#
! # TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
! local all all trust
# The same using local loopback TCP/IP connections.
#
! # TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
! host all all 127.0.0.1 255.255.255.255 trust
! # The same as the last line but using a CIDR mask
#
! # TYPE DATABASE USER IP-ADDRESS/CIDR-mask METHOD
! host all all 127.0.0.1/32 trust
# Allow any user from any host with IP address 192.168.93.x to connect
# to database "template1" as the same user name that ident reports for
# the connection (typically the Unix user name).
#
! # TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
! host template1 all 192.168.93.0 255.255.255.0 ident sameuser
! # The same as the last line but using a CIDR mask
#
! # TYPE DATABASE USER IP-ADDRESS/CIDR-mask METHOD
! host template1 all 192.168.93.0/24 ident sameuser
# Allow a user from host 192.168.12.10 to connect to database
# "template1" if the user's password is correctly supplied.
#
! # TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
! host template1 all 192.168.12.10 255.255.255.255 md5
# In the absence of preceding "host" lines, these two lines will
# reject all connection from 192.168.54.1 (since that entry will be
--- 453,488 ----
# any user name using Unix-domain sockets (the default for local
# connections).
#
! # TYPE DATABASE USER CIDR-ADDRESS METHOD
! local all all trust
# The same using local loopback TCP/IP connections.
#
! # TYPE DATABASE USER CIDR-ADDRESS METHOD
! host all all 127.0.0.1/32 trust
! # The same as the last line but using a separate netmask column
#
! # TYPE DATABASE USER CIDR-ADDRESS METHOD
! host all all 127.0.0.1 255.255.255.255 trust
# Allow any user from any host with IP address 192.168.93.x to connect
# to database "template1" as the same user name that ident reports for
# the connection (typically the Unix user name).
#
! # TYPE DATABASE USER CIDR-ADDRESS METHOD
! host template1 all 192.168.93.0/24 ident sameuser
! # The same as the last line but using a separate netmask column
#
! # TYPE DATABASE USER CIDR-ADDRESS METHOD
! host template1 all 192.168.93.0 255.255.255.0 ident sameuser
# Allow a user from host 192.168.12.10 to connect to database
# "template1" if the user's password is correctly supplied.
#
! # TYPE DATABASE USER CIDR-ADDRESS METHOD
! host template1 all 192.168.12.10/32 md5
# In the absence of preceding "host" lines, these two lines will
# reject all connection from 192.168.54.1 (since that entry will be
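Review bot: In the new examples, the two records that use a separate netmask column ("host all all 127.0.0.1 255.255.255.255 trust" and "host template1 all 192.168.93.0 255.255.255.0 ident sameuser") sit under the header "# TYPE DATABASE USER CIDR-ADDRESS METHOD", which names one address column where the record has two. Give those two records an IP-ADDRESS IP-MASK header so the columns match what the comment line above them announces.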
***************
*** 495,503 ****
# on the Internet. The zero mask means that no bits of the host IP
# address are considered so it matches any host.
#
! # TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
! host all all 192.168.54.1 255.255.255.255 reject
! host all all 0.0.0.0 0.0.0.0 krb5
# Allow users from 192.168.x.x hosts to connect to any database, if
# they pass the ident check. If, for example, ident says the user is
--- 490,498 ----
# on the Internet. The zero mask means that no bits of the host IP
# address are considered so it matches any host.
#
! # TYPE DATABASE USER CIDR-ADDRESS METHOD
! host all all 192.168.54.1/32 reject
! host all all 0.0.0.0/0 krb5
# Allow users from 192.168.x.x hosts to connect to any database, if
# they pass the ident check. If, for example, ident says the user is
***************
*** 505,512 ****
# connection is allowed if there is an entry in pg_ident.conf for map
# "omicron" that says "bryanh" is allowed to connect as "guest1".
#
! # TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
! host all all 192.168.0.0 255.255.0.0 ident omicron
# If these are the only three lines for local connections, they will
# allow local users to connect only to their own databases (databases
--- 500,507 ----
# connection is allowed if there is an entry in pg_ident.conf for map
# "omicron" that says "bryanh" is allowed to connect as "guest1".
#
! # TYPE DATABASE USER CIDR-ADDRESS METHOD
! host all all 192.168.0.0/16 ident omicron
# If these are the only three lines for local connections, they will
# allow local users to connect only to their own databases (databases
***************
*** 515,521 ****
# $PGDATA/admins contains a list of user names. Passwords are required in
# all cases.
#
! # TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
local sameuser all md5
local all @admins md5
local all +support md5
--- 510,516 ----
# $PGDATA/admins contains a list of user names. Passwords are required in
# all cases.
#
! # TYPE DATABASE USER CIDR-ADDRESS METHOD
local sameuser all md5
local all @admins md5
local all +support md5
***************
*** 959,961 ****
--- 954,957 ----
+
Index: src/backend/libpq/pg_hba.conf.sample
===================================================================
RCS file: /cvsroot/pgsql-server/src/backend/libpq/pg_hba.conf.sample,v
retrieving revision 1.52
diff -c -c -r1.52 pg_hba.conf.sample
*** src/backend/libpq/pg_hba.conf.sample 26 Aug 2004 13:44:38 -0000 1.52
--- src/backend/libpq/pg_hba.conf.sample 26 Aug 2004 16:11:09 -0000
***************
*** 28,38 ****
#
# CIDR-ADDRESS specifies the set of hosts the record matches.
# It is made up of an IP address and a CIDR mask that is an integer
! # between 0 and 32 (IPv6) or 128(IPv6) inclusive, that specifies
! # the number of significant bits in the mask, e.g. an IPv4 CIDR mask
! # of 8 is equivalent to an IP mask of 255.0.0.0, an IPv6 CIDR mask
! # of 64 is equivalent to an IP mask of ffff:ffff:ffff:ffff::. A
! # IPv4 CIDR mask of 32 is used for single hosts. Also, you can use a
# separate IP address and netmask to specify the set of hosts.
#
# METHOD can be "trust", "reject", "md5", "crypt", "password",
--- 28,35 ----
#
# CIDR-ADDRESS specifies the set of hosts the record matches.
# It is made up of an IP address and a CIDR mask that is an integer
! # (between 0 and 32 (IPv6) or 128(IPv6) inclusive) that specifies
! # the number of significant bits in the mask Also, you can use a
# separate IP address and netmask to specify the set of hosts.
#
# METHOD can be "trust", "reject", "md5", "crypt", "password",
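Review bot: The rewritten line "(between 0 and 32 (IPv6) or 128(IPv6) inclusive)" carries over the old typo: the first "(IPv6)" should be "(IPv4)", and "128(IPv6)" needs a space. "in the mask Also," is missing the period before "Also". The hunk also removes the worked equivalences (a mask of 8 equals 255.0.0.0, 32 for single hosts) from the sample file; if the intent is to keep them only in client-auth.sgml, say so in the commit message, otherwise keep one short example here next to the records it explains.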