Thread: [NOVICE] Postgres authentication to multiple application servers
Hi All, We need to configure Postgres authentication for multiple application servers.The application servers are dynamic (Few will be brought down over a period and new servers will be added on adhoc basis).Also the servers IPs will be changed periodically. we cannot add/remove the application ips to pg_hba.conf file frequently as it requires restart of Postgres services. Please suggest the best authentication method in this case.We are planning to use trust in pg_hba.conf and control the access at db level using Username and password. Can we proceed with it? Regards, Padmini -- View this message in context: http://postgresql.nabble.com/Postgres-authentication-to-multiple-application-servers-tp5940791.html Sent from the PostgreSQL - novice mailing list archive at Nabble.com.
It doesn't require restart. It requires reload only.
On 24 Jan 2017 23:36, "padmini" <sireesha.padmini@gmail.com> wrote:
Hi All,
We need to configure Postgres authentication for multiple application
servers.The application servers are dynamic (Few will be brought down over a
period and new servers will be added on adhoc basis).Also the servers IPs
will be changed periodically.
we cannot add/remove the application ips to pg_hba.conf file frequently as
it requires restart of Postgres services.
Please suggest the best authentication method in this case.We are planning
to use trust in pg_hba.conf and control the access at db level using
Username and password.
Can we proceed with it?
Regards,
Padmini
--
View this message in context: http://postgresql.nabble.com/Postgres-authentication-to- multiple-application-servers- tp5940791.html
Sent from the PostgreSQL - novice mailing list archive at Nabble.com.
--
Sent via pgsql-novice mailing list (pgsql-novice@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-novice
Hello Padmini, Il 25/01/2017 00:35, padmini ha scritto: > Hi All, > > We need to configure Postgres authentication for multiple application > servers.The application servers are dynamic (Few will be brought down over a > period and new servers will be added on adhoc basis).Also the servers IPs > will be changed periodically. Check if you can group them in a subnet that will not be user for other purposes... > > we cannot add/remove the application ips to pg_hba.conf file frequently as > it requires restart of Postgres services. AFAIK it just requires a reload, without restarting server (using a subnet you have to do it less frequently, however) > > Please suggest the best authentication method in this case.We are planning > to use trust in pg_hba.conf and control the access at db level using > Username and password. If I were you, in a production environment I'd *never* use trust level, even for localhost. the best thing that comes in my mind is to set a subnet where all servers (and no one else) will reside and combine it with users, like this host all user1 192.168.1.0/32 md5 host all user2 192.168.1.0/32 md5 host all user3 192.168.1.0/32 md5 ... and so on. Best regards, Moreno > Can we proceed with it? > > Regards, > Padmini > > > > > > -- > View this message in context: http://postgresql.nabble.com/Postgres-authentication-to-multiple-application-servers-tp5940791.html > Sent from the PostgreSQL - novice mailing list archive at Nabble.com. > >
Thank you so much Moreno and wei for the replies. I will try to user the the subnet mask option as suggested and update in case of any issues. Regards, Padmini -- View this message in context: http://postgresql.nabble.com/Postgres-authentication-to-multiple-application-servers-tp5940791p5941168.html Sent from the PostgreSQL - novice mailing list archive at Nabble.com.