Postgresql 的远程登录配置 pg_hba.conf

关于pg_hba.conf文件

pg_hba.conf文件负责客户端登录的认证配置。

  1. type
    local记录是本地登录认证规则,host记录是远程主机登录认证规则。
  2. database
    认证记录针对的数据库,all代表全部
  3. user
    认证记录针对的登录用户,all代表全部
  4. address
    认证记录针对的地址,0/0代表全部主机
  5. method
    trust:不需要输入密码,
    password:密码明文传输,
    md5:密码使用md5加密,
    reject:表示拒绝,
    ident:用系统用户认证(todo)

初始配置

初始情况下,pg_hba.conf不允许远程登录

[postgres@pg pgdata]$ vim pg_hba.conf
# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     trust
# IPv4 local connections:
host    all             all             127.0.0.1/32            trust
# IPv6 local connections:
host    all             all             ::1/128                 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
local   replication     all                                     trust
host    replication     all             127.0.0.1/32            trust
host    replication     all             ::1/128                 trust

此时远程主机上的客户端登录数据库会提示错误

connection to server at “192.168.109.101”, port 5432 failed: FATAL: no pg_hba.conf entry for “host192.168.109.3", user “postgres”, database “postgres”, no encryption

修改配置允许远程登录

在pg_hba.conf中添加下面一行配置,对于主机配置(host),允许所有远程主机(0/0),以所有用户身份(all),以密码md5加密的方式(md5),登录所有的库(all)

host    all             all             0/0                     md5

重启数据库服务,使配置生效,或者使用run “pg_ctl reload” 或 “SELECT pg_reload_conf()”

[postgres@pg pgdata]$ /opt/pgsql/bin/pg_ctl -D /opt/pgdata restart
waiting for server to shut down.... done
server stopped
waiting for server to start....2023-03-20 11:56:10.229 CST [72055] LOG:  redirecting log output to logging collector process
2023-03-20 11:56:10.229 CST [72055] HINT:  Future log output will appear in directory "log".
 done
server started

此时,可以从远程主机用客户端登录数据库,且需要输入密码。如果不需要输入密码,可以把 md5 改为 trust

你可能感兴趣的:(postgresql,postgresql,数据库,服务器)