Configure client authentication in YSQL
YugabyteDB client authentication for YSQL is managed by the YB-TServer --ysql_hba_conf_csv configuration flag, which works similarly to the pg_hba.conf file in PostgreSQL.
The values include records that specify allowed connection types, users, client IP addresses, and the authentication method.
Records in the YugabyteDB ysql_hba.conf
file are auto generated based on the values included in the --ysql_hba_conf_csv
flag.
For example, starting a YB-TServer with the following --ysql_hba_conf_csv
flag enables trust authentication for all users:
--ysql_hba_conf_csv='host all all 0.0.0.0/0 trust, host all all ::0/0 trust'
To display the current values in the ysql_hba.conf
file, run the following SHOW
statement to get the file location:
yugabyte=# SHOW hba_file;
hba_file
-------------------------------------------------------
/Users/yugabyte/yugabyte-data/node-1/disk-1/pg_data/ysql_hba.conf
(1 row)
and then view the file. Here is an example of ysql_hba.conf
file contents.
# This is an autogenerated file, do not edit manually!
host all all 0.0.0.0/0 trust
host all all ::0/0 trust
For more information, refer to Host-based authentication.