2 20.3. Authentication Methods #
4 PostgreSQL provides various methods for authenticating users:
5 * Trust authentication, which simply trusts that users are who they
7 * Password authentication, which requires that users send a password.
8 * GSSAPI authentication, which relies on a GSSAPI-compatible security
9 library. Typically this is used to access an authentication server
10 such as a Kerberos or Microsoft Active Directory server.
11 * SSPI authentication, which uses a Windows-specific protocol similar
13 * Ident authentication, which relies on an “Identification Protocol”
14 (RFC 1413) service on the client's machine. (On local Unix-socket
15 connections, this is treated as peer authentication.)
16 * Peer authentication, which relies on operating system facilities to
17 identify the process at the other end of a local connection. This
18 is not supported for remote connections.
19 * LDAP authentication, which relies on an LDAP authentication server.
20 * RADIUS authentication, which relies on a RADIUS authentication
22 * Certificate authentication, which requires an SSL connection and
23 authenticates users by checking the SSL certificate they send.
24 * PAM authentication, which relies on a PAM (Pluggable Authentication
26 * BSD authentication, which relies on the BSD Authentication
27 framework (currently available only on OpenBSD).
28 * OAuth authorization/authentication, which relies on an external
29 OAuth 2.0 identity provider.
31 Peer authentication is usually recommendable for local connections,
32 though trust authentication might be sufficient in some circumstances.
33 Password authentication is the easiest choice for remote connections.
34 All the other options require some kind of external security
35 infrastructure (usually an authentication server or a certificate
36 authority for issuing SSL certificates), or are platform-specific.
38 The following sections describe each of these authentication methods in
begriffs.com / projects / ai-pg / blob