HBA style rules for allowing/denying access

Question

HBA style rules for allowing/denying access

Opened this issue a year ago · 1 comments

Is your feature request related to a problem? Please describe.
I need a more fine grained way of configuring permissions.

Describe the solution you'd like
Both Postgres and PgBouncer allow controlling access to certain databases based on source and can require different kinds of authentication for them. This is especially useful in combination with UNIX sockets, where you can use trust auth to allow connections to the socket. Or for example not allowing network access to the admin database (even if the password was leaked). Using the same file format would be preferable, to stay consistent with the ecosystem.

Answer 1 · 2024-05-04T15:02:23.000Z

+1 to this enhancement. One of the main things keeping me from using pgcat is how restrictive the auth is compared to postgres auth, or even pgbouncer. Postgres allows scram, LDAP, pam, kerberos, trust. Pgbouncer allows trust, pam, and scram.

Moving towards a more fine grained way of permissioning users would probably make it much easier to open up other auth avenues down the road.