How does postgres host based authentication work?
-
29-01-2021 - |
Question
This is a duplicate of: https://stackoverflow.com/questions/55804806/how-does-postgres-host-based-authentication-work
(I was asked to shift this query to DBA.Stackexchange)
I am installing DSPACE which needs Postgresql.
Please see this link: DSPACE INSTALL
It says:
Then tighten up security a bit by editing pg_hba.conf and adding this line:
host dspace dspace 127.0.0.1 255.255.255.255 md5.
I have read on the internet as to how the above line works. It needs a connection type followed by database name/user name followed by IP address and the authentication scheme.
My query is: Should this not be a local (in place of host) connection since the dspace user is running locally?
Can someone show me step by step as to what happens when a request comes in? Where are the instructions that the dspace user will submit a request using md5?
La solution
A local
connection uses a Unix-domain socket; a host
connection uses TCP.
The linked page says that
you need to enable TCP/IP connections (DSpace uses JDBC)
… because JDBC does not have built-in support for Unix-domain sockets.
As long as a connection is allowed only from localhost
(as configured in pg_hba.conf
) and only to localhost
(as configued by listen_addresses
), it is as secure as a local
connection.
The md5
is just an option that specifies how the password is to be encrypted during the connection setup; this is handled automatically by the JDBC driver. For a local connection, or for a connection over SSL, this does not really matter.