PostgreSQL 8.0.4 ʸ��
��Υڡ��	��ᤷ		��	��Υڡ��

�� 19�ϥ��饤��ǧ��

�ܼ�

19.1. pg_hba.conf �ե��

19.2.1. Trustǧ��
19.2.2. �ѥ����ǧ��
19.2.3. Kerberos ǧ��
19.2.4. Ident �١��ǧ��
19.2.5. PAM ǧ��

��饤��ȥ��ץꥱ��󤬥ǡ��١��Ф��³��Unix ��ԥ塼��Υ桼��Ȥ��ƥ��󤹤��Ʊ��褦�ˡ��ɤ� PostgreSQL �桼��̾��³��뤫��ꤷ�ޤ�� SQL �Ķ��Ǥ�¸�ߤ��ǡ��١��桼��̾�ǥǡ��١��֥��ȤؤΥ��¤��ޤ�ޤ�� ܤ�� 17�� 򻲾Ȥ��Ƥ�� Ǥ��顢�ɤΥǡ��١��桼��ǡ��١��³�Ǥ��뤫��¤��뤳�Ȥ��ܤȤʤ�ޤ��

ǧ���ϥǡ��١��Ф��饤��Ȥοȸ��̤��α�Ĺ�Ȥ��ƥ��饤��ȥ��ץꥱ��ʤ⤷��ϥ��饤��ȥ��ץꥱ��¹Ԥ��桼��ˤ��׵ᤵ�줿�桼��̾��³��뤳�Ȥ��Ǥ��뤫�ɤ��ꤹ��Ǥ��

PostgreSQL �ˤϰۤʤä��饤��ǧ��ˡ��ʣ��󶡤��ޤ�� Υ��饤��³��ǧ�ڤ˻��Ѥ��ˡ�ϡ�(��饤��Ȥ�) �ۥ��ȥ��ɥ쥹��ǡ��١��ӥ桼��ˤ��ä��Ǥ��ޤ��

PostgreSQL �桼��̾�ϲ�Ư��Ƥ��륵��ФΥ��ڥ졼�ƥ��󥰥��ƥ�Υ桼��̾�Ȥ��Ū��ʬ��Ƥ��ޤ�� ⤷��Υ��ФΤ��٤ƤΥ桼��Хޥ��ˤ⥢��Ȥ��äƤ��硢��Υ��ڥ졼�ƥ��󥰥��ƥ�Υ桼��̾�˰��פ��ǡ��١��桼��̾��Ƥ뤳�Ȥ��ˤ��ʤäƤ��ޤ�� ⡼��³��դ��륵��Фϡ��ʥ��ڥ졼�ƥ��󥰥��ƥ�Υ��Ȥ��ʤ��ǡ��١��桼��¿��äƤ��⤢��ޤ�� Τ褦�ʻ��ˤϥǡ��١��桼��̾��OS�Υ桼��̾�Ȥδ֤δ�Ϣ��ɬ�פ��ޤ��

19.1. `pg_hba.conf` �ե��

��饤��ǧ�ڤϥǡ��١��饹��Υǡ��ǥ��쥯�ȥ��Ρ��Ū��pg_hba.conf�Ȥ��̾��ե��Ǵ��Ƥ��ޤ�� (HBA �Ȥϡ�host-based authentication��ۥ��ȥ١��ǧ�ڤ�ά�Ǥ��) �ǥե��Ȥ� pg_hba.conf �ե��ϥǡ��ǥ��쥯�ȥ꤬ initdb �ǥǡ��ǥ��쥯�ȥ꤬��˥��󥹥ȡ��뤵��ޤ�� ǧ��ե��¾�ξ��֤��뤳�Ȥ��Ǥ��ޤ�� hba_file��ѥ�᡼��򻲾Ȥ��Ƥ��

pg_hba.conf �ե��ΰ��Ū�ʽ񼰤ϡ�1 �� ˤĤ� 1 �ĤΥ쥳��ɤȤ��쥳��ɤν��Ǥ�� Ԥϥ��Ѥ� #ʸ��ʹߤ�ʸ��Ʊ��̵�뤵��ޤ�� 쥳��ɤϥ��ڡ��⤷��ϥ��֡��⤷��Ϥ��ξ��Ƕ��ڤ�줿��ʣ��Υե��ɤǹ��Ƥ��ޤ�� ե��ɤˤϡ��ե��ͤ��դ��ξ��ʸ��ޤळ�Ȥ��Ǥ��ޤ�� 쥳��ɤϹԤ�ޤ��³��뤳�ȤϤǤ��ޤ��

��줾��Υ쥳��ɤ��³��(��³��Ф��ư�̣��ĤΤǤ��) ��饤��Ȥ� IP ��ɥ쥹�ϰϡ��ǡ��١��̾��桼��̾��ӡ��Υѥ�᡼��˰��פ��³�ǻ��Ѥ��ǧ��ˡ��ꤷ�ޤ�� ³��饤��ȥ��ɥ쥹��׵ᤵ�줿�ǡ��١��ӡ��桼��̾�˰��פ��ǽ�Υ쥳��ɤ�ǧ�ڽ��˻��Ѥ��ޤ�� "��Ի��η�³"�䡢 ��뤤��"�Хå��å�"�Ϥ��ޤ�� ϡ��⤷��쥳��ɤ��򤵤��ǧ�ڤ˼��Ԥ��硢��³�Υ쥳��ɤϹ�θ��ʤ��Ȥ��ȤǤ�� ɤΥ쥳��ɤ��פ��ʤ��ϥ��ݤ��ޤ��

�쥳��ɤ�7�Ĥν񼰤Τ��1�Ĥη��ޤ��

local      database  user  authentication-method  [authentication-option]
host       database  user  CIDR-address  authentication-method  [authentication-option]
hostssl    database  user  CIDR-address  authentication-method  [authentication-option]
hostnossl  database	user  CIDR-address  authentication-method  [authentication-option]
host       database  user  IP-address  IP-mask  authentication-method  [authentication-option]
hostssl    database  user  IP-address  IP-mask  authentication-method  [authentication-option]
hostnossl  database  user  IP-address  IP-mask  authentication-method  [authentication-option]

�ե��ɤΰ�̣�ϰʲ��Τ褦�ˤʤäƤ��ޤ��

local

��Υ쥳��ɤ� Unix �ɥᥤ�󥽥��åȤ��Ѥ��³��б��ޤ�� μ��Υ쥳��ɤ��Ѥ��ʤ��ȡ�Unix �ɥᥤ�󥽥��åȷ�ͳ��³�ϵ��ݤ��ޤ��

host

��Υ쥳��ɤϡ�TCP/IP��Ѥ��³��б��ޤ�� host�쥳��ɤϡ�SSL�⤷��SSL��³�Τ��줫��б��ޤ��

��: ��ФΥǥե��Ȥ�ư��ϡ��롼�ץХå��ɥ쥹�Ǥ��localhost�Τ� TCP/IP ��³��ƻ뤷�Ƥ��ޤ�� äƥ��Фˤ��listen_addresses�ѥ�᡼��Ŭ�ڤ��ͤ��ꤵ�줿��֤ǵ�ư��Ƥ��ʤ��¤ꡢ��⡼�Ȥ�TCP/IP��³�Ͻ��ޤ��

hostssl

��Υ쥳��ɤϡ��³��SSL�ǰŹ沽��Ƥ��ˤΤ� TCP/IP �ͥåȥ��Ѥ��³��б��ޤ��

��Υ��ץ��Ѥ��뤿��ˤϡ��Ф�SSL��ݡ��Ȥ��Ǥ��褦�˹��ۤ��Ƥ��ʤ��Ф��ޤ�� ޤ�� SSL��ssl�ѥ�᡼��ꤹ�뤳�Ȥˤ�ꥵ��Фε�ư��ͭ��ˤʤäƤ��ʤ��ƤϤʤ�ޤ��ʾܺ٤��16.8�򻲾Ȥ��Ƥ��ˡ�

hostnossl

��Υ쥳��ɤϡ�hostssl��ȿ�Ф�ư��ǡ�SSL��Ѥ��Ƥ��ʤ�TCP/IP��³�Τߤ��б��ޤ��

database

��Υ쥳��ɤ��б��ǡ��١��ꤷ�ޤ�� all �Ȥ��ͤϡ��٤ƤΥǡ��١��б��뤳�Ȥ��ꤷ�ޤ�� sameuser �Ȥ��ͤϡ��׵ᤵ�줿�ǡ��١��׵�桼��Ʊ��̾��ľ��˥쥳��ɤ��б��뤳�Ȥ��ꤷ�ޤ�� samegroup �Ȥ��ͤϡ��׵�桼��׵ᤵ�줿�ǡ��١��Ʊ��̾��Υ��롼�פΥ��ФǤʤ��Фʤ�ʤ��Ȥ��ꤷ�ޤ�� ʳ��ξ��ˤϡ�� PostgreSQL �ǡ��١��̾��ˤʤ�ޤ�� ǡ��١��̾��ϥ��ޤǶ��ڤ뤳�Ȥ�ʣ��Ǥ��ޤ�� ǡ��١��̾��ޤ�ե��򡢤��Υե��̾�� @ ��դ��뤳�Ȥǻ��Ǥ��ޤ��

user

��Υ쥳��ɤ��б�� PostgreSQL �桼��ꤷ�ޤ�� all �Ȥ��ͤϡ��٤ƤΥ桼��б��뤳�Ȥ��ꤷ�ޤ�� ʳ��ξ��ˤ�� PostgreSQL �桼��̾��ˤʤ�ޤ�� 桼��̾��ϥ��ޤǶ��ڤ뤳�Ȥ�ʣ��Ǥ��ޤ�� 롼��̾�ϡ��Υ��롼��̾�� + ��դ��뤳�Ȥǻ��Ǥ��ޤ�� 桼��̾��ޤ�ե��򡢤��Υե��̾�� @ ��դ��뤳�Ȥǻ��Ǥ��ޤ��

CIDR-address

��Υ쥳��ɤ��б��Ƥ��륯�饤��ȥޥ�� IP ��ɥ쥹��ϰϡ� ��ɸ��Υɥåȶ��ڤ�10��ɽ��Ǥ�IP��ɥ쥹��CIDR�ޥ��Ĺ��ޤ�Ǥ��ޤ� ��IP��ɥ쥹�Ͽ��ͤǤΤ�ɽ��졢�ɥᥤ��̾��ۥ��̾�Ǥ�ɽ��ޤ��ˡ� CIDR�ޥ��Ĺ�Ȥϡ��饤��IP��ɥ쥹��פ��ʤ��Фʤ�ʤ��̤Υӥåȿ��ɽ��ΤǤ�� ꤹ��IP��ɥ쥹�Τ��걦¦�ΥӥåȤˤϡ�0��ꤷ�ʤ��Фʤ�ޤ�� IP��ɥ쥹��/��ӡ�CIDR�ޥ��Ĺ�δ֤ˤ϶��ƤϤ��ޤ��

ŵ��Ū��CIDR-address�ϡ�ñ��Υۥ��ȤǤ�172.20.143.89/32��ͥåȥ��Ǥ�172.20.143.0/24�Τ褦�ʤ�ΤǤ�� ñ��ۥ��Ȥ��ꤹ��ˤϡ�IPv4�Ǥ�32�Ȥ��CIDR�ޥ��IPv6�Ǥ�128��Ѥ��Ƥ��

IPv4�񼰤�Ϳ��줿IP��ɥ쥹�ϡ��б��륢�ɥ쥹��IPv6��³��Ф��Ƥ��б��ޤ�� 㤨�С�127.0.0.1 ��::ffff:127.0.0.1 IPv6��ɥ쥹��б��ޤ�� IPv6�񼰤�Ϳ��줿��ܤϡ��Ȥ��Υ��ɥ쥹��IPv6��IPv4��ϰ��Ǥ��ä��Ȥ��Ƥ�IPv6��³�Τߤ��б��ޤ�� IPv6�񼰤ι��ܤϡ��ƥ��C�饤�֥�꤬IPv6��ɥ쥹�򥵥ݡ��Ȥ��Ƥ��ʤ��䤵��뤳�Ȥ��դ��Ƥ��

��Υե��ɤ� host �� hostssl��hostnossl �쥳��ɤˤΤ�Ŭ�Ѥ��ޤ��

IP-address IP-mask

��Υե��ɤ�CIDR-addressɽ��ؤȤ��ƻ��Ѳ�ǽ�Ǥ�� ޥ��Ĺ��ꤹ��ˡ��ºݤΥޥ��ʬΥ��ǻ��ꤷ�ޤ�� 㤨��255.0.0.0��IPv4��CIDR�ޥ��Ĺ8��̣��255.255.255.255��CIDR�ޥ��Ĺ32��̣��Ƥ��ޤ��

��Υե��ɤ� host �� hostssl��hostnossl �쥳��ɤˤΤ�Ŭ�Ѥ��ޤ��

authentication-method

��Υ쥳��ɤ��Ѥ��³��ݤ˻��Ѥ��ǧ��ꤷ�ޤ�� ѤǤ��ϰʲ��ˤޤȤ�Ƥ��ޤ��ܤ�� 19.2 �򻲾Ȥ��Ƥ��

trust: ��³��̵��ǵ��Ĥ��ޤ�� ϡ�PostgreSQL �ǡ��١��Ф��³�Ǥ��뤹�٤ƤΥ桼��Ǥ�դ� PostgreSQL �桼��Ȥ��ƥѥ���ɤʤ��ǥ��󤹤뤳�Ȥ��Ĥ��ޤ�� ܺ٤� ��19.2.1 �򻲾Ȥ��Ƥ��
reject: ��³��̵��˵��ݤ��ޤ�� Υۥ��Ȥ򤢤륰�롼�פ��"��"��뤿��Ǥ��
md5: ��饤��Ȥ��Ф��ǧ�ڻ�� MD5 �Ź沽�ѥ���ɤ��׵ᤷ�ޤ�� ܺ٤� ��19.2.2 �򻲾Ȥ��Ƥ��
crypt: ��饤��Ȥ��Ф��ǧ�ڻ��crypt()�Ź沽�ѥ���ɤ��׵ᤷ�ޤ�� 7.2�ʹߤΥ��饤��ȤǤ�md5��ɤ��ΤǤ��7.2��Υ��饤��ȤǤ�crypt��ݡ��Ȥ��Ƥ��ޤ�� ܺ٤� ��19.2.2 �򻲾Ȥ��Ƥ��
password: ��饤��Ȥ��Ф��ǧ�ڻ��ʿʸ�Υѥ���ɤ��׵ᤷ�ޤ�� ѥ���ɤϥͥåȥ��̤��̤Υƥ��ȷ��ޤ��Τǡ��ꤵ��Ƥ��ʤ��ͥåȥ��Ǥϻ��Ѥ��ʤ��Ǥ�� ܺ٤� ��19.2.2 �򻲾Ȥ��Ƥ��
krb4: �桼��ǧ�ڤ�Kerberos V4��Ѥ��ޤ�� TCP/IP ��³�λ��Τ�ͭ��Ǥ�� ܺ٤��19.2.3�򻲾Ȥ��Ƥ��
krb5: �桼��ǧ�ڤ�Kerberos V5��Ѥ��ޤ�� TCP/IP ��³�λ��Τ�ͭ��Ǥ�� ܺ٤� ��19.2.3 �򻲾Ȥ��Ƥ��
ident: ��饤��ȤΥ��ڥ졼�ƥ��󥰥��ƥ�ˤ��桼��̾�� (TCP/IP ��³�Ǥϥ��饤��Ⱦ�� ident ��Ф˿Ҥͤ뤳�Ȥǡ��³�Ǥϥ��ڥ졼�ƥ��󥰥��ƥफ��) ��ident ���ɤ�³��ƻ��ꤵ�줿�ޥåפ�Ĵ�٤뤳�Ȥǡ��Υ桼��׵ᤵ�줿�ǡ��١��Υ桼��Ȥ��³��Ĥ��Ƥ��뤫�ɤ��򸡺��ޤ�� ܺ٤��19.2.4�򻲾Ȥ��Ƥ��
pam: ��ڥ졼�ƥ��󥰥��ƥ�ˤ�ä��󶡤�� PAM(Pluggable Authentication Modules) ��ӥ��Ѥ��ǧ�ڤǤ�� ܺ٤� ��19.2.5 �򻲾Ȥ��Ƥ��

authentication-option

��Υ��ץ��ե��ɤΰ�̣�ϡ��򤵤줿ǧ��ˤ�äưۤʤ�ޤ�� ܺ٤ϰʲ��ޤ��

@��ˤ��ޤ��ե��ϡ��ʸ��뤤�ϥ��ޤΤɤ��餫�Ƕ��ڤ�줿̾��Ȥ��ɤ߹��ޤ�ޤ�� Ȥϡ�pg_hba.conf��Ʊ�ͤ�#��Ϥޤ�ޤ�� ޤ��@��Ҥˤ��뤳�Ȥ�Ǥ��ޤ�� @�θ�Υե��̾��Хѥ��Ǥʤ��¤ꡢ��ȸ��ե��뤬¸�ߤ��ǥ��쥯�ȥ꤫��ߤ��Хѥ��Ǥ��Ȥߤʤ��ޤ��

pg_hba.conf �쥳��ɤ��³��ߤ��٤˽��֤˸��ޤ��Τǡ��쥳��ɤν��ϤȤƤ��ڤǤ�� ŵ��Ū�ˤϡ��Ϥ�Τۤ��Υ쥳��ɤˤϸ��³�ȹ�ѥ�᡼��ȴˤ��ȹ��Τ��Ф��Τۤ��Υ쥳��ɤˤϤ��ˤ��ȹ�ѥ�᡼��Ȥ�긷��ǧ��ޤ�� 㤨�С�� TCP ��³�Ǥ�trust ǧ��⡼�� TCP ��³��Ф��Ƥϥѥ���ɤ��׵ᤷ��Ȥ��ޤ�� ξ�硢��ϰϤˤ錄�äƵ��Ĥ��륯�饤��Ȥ� IP ��ɥ쥹��Ф��ѥ����ǧ�ڤ��ꤹ��쥳��ɤ�� 127.0.0.1 ��³��Ф�� trust ǧ�ڻ��Υ쥳��ɤ��֤��ʤ��Фʤ�ޤ��

pg_hba.conf �ե��ϵ�ư��ȡ��Ȥʤ륵��Хץ��(postmaster)��SIGHUP ��ä��ɤ߹��ޤ�ޤ�� Ư��Υ��ƥ�ǥե��Խ��ϡ��pg_ctl reload ��뤤�� kill -HUP ��Ѥ��ơ�postmaster �˥ե��⤦��ɤ߹��褦�˿��Ф��ʤ��Фʤ�ޤ��

pg_hba.conf�ե��򤤤��Ĥ��19-1�˼��ޤ�� Ƽ�ǧ��ξܺ٤ˤĤ��ƤϤ��θ��ޤ��

�� 19-1. pg_hba.conf�ι��ܤ��

# �������륷���ƥ��Τ��٤ƤΥ桼������Ǥ�դΥǡ����١�����
# Ǥ�դΥ桼��̾�� Unix �ɥᥤ�󥽥��åȤ���Ѥ�����³���뤳�Ȥ����
# (����������³�Ǥϥǥե����)��
#
# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
local   all         all                               trust

# ��������롼�ץХå��� TCP/IP ��³�Ǥ��뤳�Ȥ�����ƾ嵭��Ʊ����
#
# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
host    all         all         127.0.0.1/32          trust     

# ʬ�䤷���ͥåȥޥ��������Ѥ��Ƥ��뤳�Ȥ�����ƾ嵭��Ʊ��
#
# TYPE  DATABASE    USER        IP-ADDRESS    IP-MASK             METHOD
host    all         all         127.0.0.1     255.255.255.255     trust     

# IP ���ɥ쥹 192.168.93.x ����Ĥ��٤ƤΥۥ��ȤΤ��٤ƤΥ桼������
# ident ��������³�ˤĤ�����𤹤�Τ�Ʊ���桼��̾ (ŵ��Ū�ˤ� Unix �桼��̾) ��
# �ǡ����١�����template1�פ���³���뤳�Ȥ���ġ�
# 
# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
host    template1   all         192.168.93.0/24       ident sameuser

# �桼���Υѥ���ɤ����������Ϥ��줿��硢
# �ۥ��� 192.168.12.10 ����Υ桼�����ǡ����١�����template1�פ���³���뤳�Ȥ���ġ�
# 
# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
host    template1   all         192.168.12.10/32      md5

# ��Ԥ����host�׹Ԥ��ʤ���С������ 2 �Ԥˤ�ä�192.168.54.1 �������³
# �λ�ߤ򤹤٤Ƶ��ݡ�(���ι��ܤ��ǽ�˾ȹ礵��뤿��Ǥ���)
# �����������󥿡��ͥåȾ��¾�Τ��٤Ƥξ�꤫��� Kerberos 5��³�ϵ��ġ�
# �����ޥ����ϡ��ۥ��� IP ���ɥ쥹�ΥӥåȤ��θ������
# �ɤΥۥ��ȤǤ�ȹ�Ǥ��뤳�Ȥ��̣���롣
# 
# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
host    all         all         192.168.54.1/32       reject
host    all         all         0.0.0.0/0             krb5

# 192.168.x.x �ۥ��Ȥ���Υ桼������ident �����å����̤��硢
# �ɤΥǡ����١����ˤǤ���³����ġ��⤷���㤨�С�ident ����bryanh�פ�ǧ�ꤷ
# ��bryanh�פ� PostgreSQL �Υ桼����guest1�פȤ���
# ��³�׵��Ф���硢��bryanh�פϡ�guest1�פȤ�����³�����Ĥ���ޤ��Ȥ���
# �ޥåס�omicron�פ��Ф��뵭�ܻ��ब pg_ident.conf �ˤ������³����ġ�
#
# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
host    all         all         192.168.0.0/16        ident omicron

# ����������³���Ф��ơ��ʲ��Τ��ä� 3 �Ԥ������ܤ��ʤ���硢��������桼���� 
# ��ʬ�Υǡ����١��� (�桼��̾��Ʊ��̾���Υǡ����١���) �ˤΤ���³���ġ�
# �����������Ԥȥ��롼�ס�support�פΥ��ФϤ��٤ƤΥǡ����١�������³��ǽ��
# $PGDATA/admins �ե�����ϥ桼��̾�Υꥹ�Ȥ�ޤࡣ  
# ���٤Ƥξ��˥ѥ���ɤ�ɬ�ס�
#
# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
local   sameuser    all                               md5
local   all         @admins                           md5
local   all         +support                          md5

# �嵭�κǸ�� 2 �Ԥ� 1 �ĤιԤˤޤȤ�뤳�Ȥ���ǽ��
local   all         @admins,+support                  md5

# �ǡ����١�������ˤϥꥹ�Ȥ�ե�����̾����ѤǤ��뤬�����롼�פϻ��ѤǤ��ʤ���
local   db1,db2,@demodbs  all                         md5

��Υڡ��	�ۡ��	��Υڡ��
�ơ��֥��	��	ǧ��

�� 19�ϥ��饤�����ǧ��

19.1. pg_hba.conf �ե�����

�� 19�ϥ��饤��ǧ��

19.1. `pg_hba.conf` �ե��