PostgreSQL 7.3.4 ��ѥ��
Prev		Next

Chapter 6. ��饤��ǧ��

Table of Contents

6.1. pg_hba.conf �ե��

6.2.1. Trust ǧ��
6.2.2. �ѥ����ǧ��
6.2.3. Kerberos ǧ��
6.2.4. Ident �١��ǧ��
6.2.5. PAM ǧ��

��饤��ȥ��ץꥱ��󤬥ǡ��١��С��³��Ȥ��ϡ�Unix ��ԥ塼��Υ桼��Ȥ��ƥ��󤹤�Ȥ��Ʊ��褦�ˡ��ɤ� PostgreSQL �桼��̾��³��뤫��ꤷ�ޤ�� SQL �Ķ��Ǥ�¸�ߤ��ǡ��١��桼��̾�ǥǡ��١��֥��ȤؤΥ��¤��ޤ�ޤ�� ܤ�� Chapter 4 �򻲾Ȥ��Ƥ�� Ǥ��顢�ɤΥǡ��١��桼��ǡ��١��³�Ǥ��뤫��¤��뤳�Ȥ��Ū��׷�Ȥʤ�ޤ��

ǧ���ϥǡ��١��С��饤��Ȥοȸ��̤��α�Ĺ�Ȥ��ƥ��饤��ȥ��ץꥱ��ʤ⤷��ϥ��饤��ȥ��ץꥱ��¹Ԥ��桼��ˤ��׵ᤵ�줿�桼��̾��³��뤳�Ȥ��Ǥ��뤫�ɤ��ꤹ��Ǥ��

PostgreSQL �ˤϰۤʤä��Ĥ��Υ��饤��ǧ��ˡ��ޤ�� Υ��饤��³��ǧ�ڤ˻��Ѥ��ˡ�ϡ�(��饤��Ȥ�) �ۥ��ȥ��ɥ쥹��ǡ��١��ӥ桼��ˤ��ä��Ǥ��ޤ��

PostgreSQL �Υ桼��̾�ϲ�Ư��Ƥ��륵��С��Υ��ڥ졼�ƥ��󥰥��ƥ�Υ桼��̾�Ȥ��ط��䤿��Ƥ��ޤ�� ⤷��Υ��С��Τ��٤ƤΥ桼��С��ޥ��ˤ⥢��Ȥ��äƤ��硢��Υڥ졼�ƥ��󥰥��ƥ�Υ桼��̾�˾ȹ礹��ǡ��١��桼��̾��Ƥ뤳�Ȥ��ˤ��ʤäƤ��ޤ�� ȤϤ��äƤ⡢��⡼��³��륵��С��Ϥ��Υ��ԥ塼��˥��Ȥ��ʤ�¿��Υ桼��Ƥ��⤢�äơ��Τ褦�ʻ��ˤϥǡ��١��桼��̾�� Unix �桼��̾�Ȥδ֤δ�Ϣ��ɬ�פ��ޤ��

6.1. `pg_hba.conf` �ե��

��饤��ǧ�ڤϥǡ��ǥ��쥯�ȥꡢ�㤨�� /usr/local/pgsql/data/pg_hba.conf �ˤ�� pg_hba.conf �ե��Ǵ��Ƥ��ޤ�� (HBA �Ȥϡ�host-based authentication��ۥ��ȥ١��ǧ�ڤ�ά�Ǥ��) �ǥե��Ȥ� pg_hba.conf �ե��ϥǡ��ǥ��쥯�ȥ꤬ initdb �ǽ��˥��󥹥ȡ��뤵��ޤ��

pg_hba.conf �ե��ΰ��Ū�ʥե��ޥåȤϡ�1 �� ˤĤ� 1 �ĤΥ쥳��ɤν��ޤ�Ǥ�� Ԥϥ��Ѥ� "#" ʸ��ǻϤޤ�Ԥ�Ʊ��̵�뤵��ޤ�� 쥳��ɤϥ��ڡ��⤷��ϥ��֤Ƕ��ڤ�줿��Ĥ��Υե��ɤǹ��Ƥ��ޤ�� ե��ɤϡ��ե��ͤ��դ��ξ��ϥ��ڡ��ޤळ�Ȥ��Ǥ��ޤ�� 쥳��ɤϹԤ�ޤ��³��뤳�ȤϤǤ��ޤ��

��줾��Υ쥳��ɤ��³�η��(��³��ˤ��ư�̣��ĤΤǤ��) ��饤��Ȥ� IP ��ɥ쥹�ϰϡ��ǡ��١��̾��桼��̾��ӡ��Υѥ�᡼��ȹ礹��³�ǻ��Ѥ��ǧ��ˡ��ꤷ�ޤ�� ȹ�Τ��³�η��饤��ȥ��ɥ쥹��׵ᤵ�줿�ǡ��١��ӥ桼��̾��ޤ�ǽ�Υ쥳��ɤϡ�ǧ�ڽ��˻��Ѥ��ޤ�� "�ȹ�򤺤뤺��ȷ�³"��ꡢ ��뤤��"�Хå��å�"��Ԥ��ȤϤ��ޤ�� ϡ��⤷��쥳��ɤ��򤵤��ǧ�ڤ˼��Ԥ��硢��³�Υ쥳��ɤϹ�θ��ʤ��Ȥ��ȤǤ�� ɤΥ쥳��ɤ��פ��ʤ��ϥ��ݤ��ޤ��

�쥳��ɤΥե��ޥåȤϼ�� 3 �ĤΤ��Τɤ줫�ˤʤ�ޤ��

local   database  user  authentication-method  [authentication-option]
host    database  user  IP-address  IP-mask  authentication-method  [authentication-option]
hostssl  database  user  IP-address  IP-mask  authentication-method  [authentication-option]

�ե��ɤΰ�̣�ϰʲ��Τ褦�ˤʤäƤ��ޤ��

local

��Υ쥳��ɤ� Unix �ɥᥤ�󥽥��åȤ��Ѥ��³��б��ޤ�� μ��Υ쥳��ɤ��Ѥ��ʤ��ȡ�Unix �ɥᥤ�󥽥��åȷ�ͳ��³�ϵ��ݤ��ޤ��

host

��Υ쥳��ɤ� TCP/IP �ͥåȥ��Ѥ��³��б��ޤ�� С�� -i ��ץ��դǵ�ư��Ƥ��뤫��뤤�� tcpip_socket postgresql.conf ��ѥ�᡼��Ѳ�ǽ�Ǥʤ��¤ꡢTCP/IP ��³�ϤǤ��ʤ��Ȥ��դ��Ƥ��

hostssl

��Υ쥳��ɤ� TCP/IP ��ͳ�� SSL ��Ѥ��³��б��ޤ�� host �쥳��ɤ� SSL �� SSL �ˤ��³��ԤΤɤ��ˤ��б��ޤ��hostssl �쥳��ɤ� SSL ��³��׵ᤷ�ޤ��

��Υ��ץ��Ѥ��뤿��ˤϡ��С�� SSL ��ݡ��Ȥ��Ǥ��褦�˹��ۤ��Ƥ��ʤ��Ф��ޤ�� ޤ��postgresql.conf �� ssl ��ץ��ͭ��ˤ��뤳�Ȥ� SSL ��Ѳ�ǽ�ˤ��ɬ�פ��ޤ� (Section 3.4 �򻲾�)��

database

��Υ쥳��ɤǾȹ礹��ǡ��١��ꤷ�ޤ�� all �Ȥ��ͤϡ��٤ƤΥǡ��١��Ⱦȹ礹�뤳�Ȥ��ꤷ�ޤ�� sameuser �Ȥ��ͤϡ��׵��ǡ��١��׵�桼��Ʊ��̾��ľ��˥쥳��ɤ�ȹ礹�뤳�Ȥ��ꤷ�ޤ�� samegroup �Ȥ��ͤϡ��׵�桼��׵��ǡ��١��Ʊ��̾��Υ��롼�פΥ��С��Ǥʤ��Фʤ�ʤ��Ȥ��ꤷ�ޤ�� ʳ��ξ��ˤ�� PostgreSQL �ǡ��١��̾��ˤʤ�ޤ�� ǡ��١��̾��ϥ��ޤǶ��ڤ뤳�Ȥ�ʣ��Ǥ��ޤ�� ǡ��١��̾��ޤ�ե��ϡ��Υե��̾�� @ ��դ��뤳�Ȥǻ��Ǥ��ޤ�� Υե�� pg_hba.conf ��Ʊ��ǥ��쥯�ȥ��¸�ߤ��ɬ�פ��ޤ��

user

��Υ쥳��ɤǾȹ礹�� PostgreSQL �桼��ꤷ�ޤ�� all �Ȥ��ͤϡ��٤ƤΥ桼��Ⱦȹ礹�뤳�Ȥ��ꤷ�ޤ�� ʳ��ξ��ˤ�� PostgreSQL �桼��̾��ˤʤ�ޤ�� 桼��̾��ϥ��ޤǶ��ڤ뤳�Ȥ�ʣ��Ǥ��ޤ�� 롼��̾�ϡ��Υ��롼��̾�� + ��դ��뤳�Ȥǻ��Ǥ��ޤ�� 桼��̾��ޤ�ե��ϡ��Υե��̾�� @ ��դ��뤳�Ȥǻ��Ǥ��ޤ�� Υե�� pg_hba.conf ��Ʊ��ǥ��쥯�ȥ��¸�ߤ��ɬ�פ��ޤ��

IP-address IP-mask

�� 2 �ĤΥե��ɤˤϡ�ɸ��Υɥåȶ��ڤ� 10 ��ɽ��ɽ��줿 IP ��ɥ쥹 / �ޥ��ͤ��ޤ�� (IP ��ɥ쥹�ϥɥᥤ��ۥ��̾�ǤϤʤ��ͤˤ�äƤΤ߻��Ǥ��ޤ��) ξ��Υե��ɤ��Ѥ��ơ��Υ쥳��ɤ��ȹ礹�륯�饤��ȥޥ�� IP ��ɥ쥹��ꤷ�ޤ�� ܺ٤ʹͤ��ϰʲ��Τ褦�ˤʤ�ޤ��

(actual-IP-address xor IP-address-field) and IP-mask-field

��α黻��Ǥʤ��ȥ쥳��ɤȾȹ礵��ޤ�� ʤ�� IP ��ɥ쥹�򵶤뤳�Ȥ��Ǥ��ޤ��Υơ��ޤ��θ��Τ� PostgreSQL �μ��ϰϳ��Ǥ��

��Υե��ɤ� host �� hostssl �쥳��ɤˤΤ�Ŭ�Ѥ��ޤ��

ǧ��

��Υ쥳��ɤ��Ѥ��³��ݤ˻��Ѥ��ǧ��ꤷ�ޤ�� ѤǤ��ϲ��ΤȤ��Ǥ��ܤ�� Section 6.2 �򻲾Ȥ��Ƥ��

trust

��³��̵��ǵ��Ĥ��ޤ�� ϡ�PostgreSQL �ǡ��١��³�Ǥ��뤹�٤ƤΥ桼��Ǥ�դ� PostgreSQL �桼��Ȥ��ƥѥ���ɤʤ��ǥ��󤹤뤳�Ȥ��Ĥ��ޤ�� ܺ٤� Section 6.2.1 �򻲾Ȥ��Ƥ��

reject

��³��̵��˵��ݤ��ޤ�� Υۥ��Ȥ򥰥롼�פ��"��"��뤿��Ǥ��

md5

��饤��Ȥ��Ф��ǧ�ڤǻ��Ѥ�� MD5 �Ź沽�ѥ���ɤ��׵ᤷ�ޤ�� ϰŹ沽�ѥ���ɤ� pg_shadow ��ݴɤ��뤳�Ȥ��Ǥ��ͣ��Ǥ�� ܺ٤� Section 6.2.2 �򻲾Ȥ��Ƥ��

crypt

md5 ��Ȼ��Ƥ��ޤ�� 7.2 ��Υ��饤��Ȥ�ɬ�פȤ��켰�� crypt �Ź沽��Ѥ��ޤ�� 7.2 �ʹߤΥ��饤��ȤǤ� md5 ��ɤ��Ǥ��礦�� ܺ٤� Section 6.2.2 �򻲾Ȥ��Ƥ��

password

��md5��Ʊ��Ǥ��ѥ���ɤϥͥåȥ��̤��̤Υƥ��ȷ��ޤ�� ꤵ��Ƥ��ʤ��ͥåȥ��Ǥϻ��Ѥ��ʤ��Ǥ�� ܺ٤� Section 6.2.2 �򻲾Ȥ��Ƥ��

krb4

�桼��ǧ�ڤ� Kerberos V4 ��Ѥ��ޤ�� TCP/IP ��³�λ��Τ�ͭ��Ǥ�� ܺ٤� Section 6.2.3 �򻲾Ȥ��Ƥ��

krb5

�桼��ǧ�ڤ� Kerberos V5 ��Ѥ��ޤ�� TCP/IP ��³�λ��Τ�ͭ��Ǥ�� ܺ٤� Section 6.2.3 �򻲾Ȥ��Ƥ��

ident

��饤��ȤΥ��ڥ졼�ƥ��󥰥��ƥ�Υ桼��̾�� (TCP/IP ��³�Ǥϥ��饤��Ⱦ�� ident ��С��˿Ҥͤ뤳�Ȥǡ��³�Ǥϥ��ڥ졼�ƥ��󥰥��ƥफ��) ��ident ���ɤ�³��ƻ��ꤵ�줿�ޥåפ�Ĵ�٤뤳�Ȥǡ��Υ桼��׵ᤵ�줿�ǡ��١��Υ桼��Ȥ��³��Ĥ��Ƥ��뤫�ɤ��򸡺��ޤ��

�ޥåפ� sameuser ��Ѥ��Ƥ��硢��ڥ졼�ƥ��󥰥��ƥ�Υ桼��̾�ȥǡ��١��Υ桼��̾��Ʊ��Ǥ��Ȥߤʤ��ޤ�� Ǥʤ��ϡ��ޥåפ�̾�� pg_hba.conf ��Ʊ��ǥ��쥯�ȥ�ˤ�� pg_ident.conf �ե��뤫�鸡��ޤ�� ident ��줿�桼��̾��׵ᤵ�줿 PostgreSQL �Υ桼��̾��ĥޥå�̾�ι��ܤ��Υե��˴ޤޤ�Ƥ��硢��³�ϵ��Ĥ��ޤ��

��³�ξ��ϡ�Unix �ɥᥤ�󥽥��åȤο��Ѿ�� (��ǥ󥷥��) �򥵥ݡ��Ȥ��Ƥ��ޥ�� (��Ǥ� Linux��FreeBSD��NetBSD�� BSD/OS) �ǤΤߵ�ǽ��ޤ��

�ܺ٤ϰʲ�� Section 6.2.4 �򻲾Ȥ��Ƥ��

pam

��ڥ졼�ƥ��󥰥��ƥ�ˤ�ä��󶡤�� PAM(Pluggable Authentication Modules) ��ӥ��Ѥ��ǧ�ڤǤ�� ܺ٤� Section 6.2.5 �򻲾Ȥ��Ƥ��

ǧ�ڤΥ��ץ��

��Υ��ץ��ե��ɤΰ�̣�ϡ��򤵤줿ǧ��ˤ�äưۤʤ�ޤ��ޤ��

pg_hba.conf �쥳��ɤ��³��ߤ��٤��༡Ū�˸��ޤ��쥳��ɤν��ϤȤƤ��ڤǤ�� ŵ��Ū�ˤϡ��Ϥ�Τۤ��Υ쥳��ɤˤϸ��³�ȹ�ѥ�᡼��ȴˤ��ȹ��Τ��Ф��Τۤ��Υ쥳��ɤˤϤ��ˤ��ȹ�ѥ�᡼��Ȥ�긷��ǧ��ޤ�� 㤨�С�� TCP ��³�Ǥ�trust ǧ��⡼�� TCP ��³��Ф��Ƥϥѥ���ɤ��׵ᤷ��Ȥ��ޤ�� ξ�硢��ϰϤˤ錄�äƵ��Ĥ��륯�饤��Ȥ� IP ��ɥ쥹��Ф��ѥ����ǧ�ڤ��ꤹ��쥳��ɤ�� 127.0.0.1 ��³��Ф�� trust ǧ�ڻ��Υ쥳��ɤ��֤��ʤ��Фʤ�ޤ��

Important: ��ѡ��桼�� template1 �ǡ��١��˥��뤳�Ȥ�˸��ʤ��Ǥ�� ޤ��ޤʥ桼�ƥ��ƥ��ޥ�ɤ� template1 �ؤΥ��ɬ�פǤ��

pg_hba.conf �ե��ϵ�ư��ȡ�postmaster �� SIGHUP ��ä��Ȥ��ɤ߹��ޤ�ޤ�� Ư��Υ��ƥ�ǥե��Խ��ϡ��pg_ctl reload ��뤤�� kill -HUP ��Ѥ��ơ�postmaster �˥ե��⤦��ɤ߹��褦�˿��Ф��ʤ��Фʤ�ޤ��

pg_hba.conf�ե��ΰ�� Example 6-1�˼��ޤ�� ۤʤ�ǧ�ڥ᥽�åɤξܺ٤ˤĤ��ƤϤ��θ��ޤ��

Example 6-1. pg_hba.conf �ե��

# �������륷���ƥ��Τ��٤ƤΥ桼��������Ǥ�դΥǡ����١�����
# Ǥ�դΥ桼����̾�� Unix �ɥᥤ�󥽥��åȤ���Ѥ�����³���뤳�Ȥ����
# (����������³�Ǥϥǥե����)��
#
# TYPE  DATABASE    USER        IP-ADDRESS        IP-MASK           METHOD
local   all         all                                             trust

# ��������롼�ץХå��� TCP/IP ��³�Ǥ��뤳�Ȥ�����ƾ嵭��Ʊ����
#
# TYPE  DATABASE    USER        IP-ADDRESS        IP-MASK           METHOD
host    all         all         127.0.0.1         255.255.255.255   trust     

# IP ���ɥ쥹 192.168.93.x ����Ĥ��٤ƤΥۥ��ȤΤ��٤ƤΥ桼��������
# ident ��������³�ˤĤ�����𤹤�Τ�Ʊ���桼����̾ (ŵ��Ū�ˤ� Unix �桼����̾) ��
# �ǡ����١�����template1�פ���³���뤳�Ȥ���ġ�
# 
# TYPE  DATABASE    USER        IP-ADDRESS        IP-MASK           METHOD
host    template1   all         192.168.93.0      255.255.255.0     ident sameuser

# �桼�����Υѥ���ɤ����������Ϥ��줿��硢
# �ۥ��� 192.168.12.10 ����Υ桼�������ǡ����١�����template1�פ���³���뤳�Ȥ���ġ�
# 
# TYPE  DATABASE    USER        IP-ADDRESS        IP-MASK           METHOD
host    template1   all         192.168.12.10     255.255.255.255   md5

# ��Ԥ����host�׹Ԥ��ʤ���С������ 2 �Ԥˤ�ä�
# (���ι��ܤ��ǽ�˾ȹ礵��뤳�Ȥ���) 192.168.54.1 �������³�λ�ߤ򤹤٤Ƶ��ݡ�
# â�������󥿡��ͥåȾ��¾�Τ��٤Ƥξ�꤫��� Kerberos V ��³�ϵ��ġ�
# �����ޥ����ϡ��ۥ��� IP ���ɥ쥹�ΥӥåȤ��θ������
# �ɤΥۥ��ȤǤ�ȹ�Ǥ��뤳�Ȥ��̣���롣
# 
# TYPE  DATABASE    USER        IP-ADDRESS        IP-MASK           METHOD
host    all         all         192.168.54.1      255.255.255.255   reject
host    all         all         0.0.0.0           0.0.0.0           krb5

# 192.168.x.x �ۥ��Ȥ���Υ桼��������ident �����å����̤��硢
# �ɤΥǡ����١����ˤǤ���³����ġ��⤷��ident ����bryanh�פ�ǧ�ꤷ
# ��bryanh�פ� PostgreSQL �Υ桼������guest1�פȤ���
# ��³�׵��Ф���硢��bryanh�פϡ�guest1�פȤ�����³�����Ĥ���ޤ��Ȥ���
# �ޥåס�omicron�פ��Ф��뵭�ܻ��ब pg_ident.conf �ˤ������³����ġ�
#
# TYPE  DATABASE    USER        IP-ADDRESS        IP-MASK           METHOD
host    all         all         192.168.0.0       255.255.0.0       ident omicron

# ����������³���Ф��Ƥ��ä� 3 �Ԥ������ܤ��ʤ���硢��������桼������ 
# ��ʬ�Υǡ����١��� (�桼����̾��Ʊ��̾���Υǡ����١���) �ˤΤ���³���ġ�
# â�������Ԥȥ��롼�ס�support�פΥ��С���
# ���٤ƤΥǡ����١�������³��ǽ��
# $PGDATA/admins �ե�����ϥ桼����̾�Υꥹ�Ȥ�ޤࡣ  
# ���٤Ƥξ��˥ѥ���ɤ�ɬ�ס�

#
# TYPE  DATABASE    USER        IP-ADDRESS        IP-MASK           METHOD
local   sameuser    all                                             md5
local   all         @admins                                         md5
local   all         +support                                        md5

# �嵭�κǸ�� 2 �Ԥ� 1 �ĤιԤˤޤȤ�뤳�Ȥ���ǽ��
local   all         @admins,+support                                md5

# �ǡ����١�������ˤϥꥹ�Ȥ�ե�����̾����ѤǤ��뤬�����롼�פϻ��ѤǤ��ʤ���
local   db1,db2,@demodbs  all                                       md5

Prev	Home	Next
�ǡ��١��κ��		ǧ��

Chapter 6. ���饤�����ǧ��

6.1. pg_hba.conf �ե�����

Chapter 6. ��饤��ǧ��

6.1. `pg_hba.conf` �ե��