20.4. Trust Authentication
authentication is specified,
assumes that anyone who can
connect to the server is authorized to access the database with
whatever database user name they specify (even superuser names).
Of course, restrictions made in the
columns still apply.
This method should only be used when there is adequate
operating-system-level protection on connections to the server.
authentication is appropriate and very
convenient for local connections on a single-user workstation. It
appropriate by itself on a multiuser
machine. However, you might be able to use
on a multiuser machine, if you restrict access to the server's
Unix-domain socket file using file-system permissions. To do this, set the
) configuration parameters as
. Or you
could set the
configuration parameter to place the socket file in a suitably
Setting file-system permissions only helps for Unix-socket connections.
Local TCP/IP connections are not restricted by file-system permissions.
Therefore, if you want to use file-system permissions for local security,
host ... 127.0.0.1 ...
, or change it to a
authentication is only suitable for TCP/IP connections
if you trust every user on every machine that is allowed to connect
to the server by the
lines that specify
. It is seldom reasonable to use
for any TCP/IP connections other than those from