Configure client authentication in YSQL

YugabyteDB client authentication for YSQL is managed by the YB-TServer --ysql_hba_conf_csv configuration flag, which works similarly to the pg_hba.conf file in PostgreSQL.

The values include records that specify allowed connection types, users, client IP addresses, and the authentication method.

Records in the YugabyteDB ysql_hba.conf file are auto generated based on the values included in the --ysql_hba_conf_csv flag.

For example, starting a YB-TServer with the following --ysql_hba_conf_csv flag enables trust authentication for all users:

--ysql_hba_conf_csv='host all all 0.0.0.0/0 trust, host all all ::0/0 trust'

To display the current values in the ysql_hba.conf file, run the following SHOW statement to get the file location:

yugabyte=# SHOW hba_file;
                     hba_file
-------------------------------------------------------
 /Users/yugabyte/yugabyte-data/node-1/disk-1/pg_data/ysql_hba.conf
(1 row)

and then view the file. Here is an example of ysql_hba.conf file contents.

# This is an autogenerated file, do not edit manually!
host all all 0.0.0.0/0 trust
host all all ::0/0 trust

For more information, refer to Host-based authentication.