Configure client authentication in YSQL
This page documents the preview version (v2.21). Preview includes features under active development and is for development and testing only. For production, use the stable version (v2024.1). To learn more, see Versioning.
YugabyteDB client authentication for YSQL is managed by the YB-TServer --ysql_hba_conf_csv configuration flag, which works similarly to the pg_hba.conf file in PostgreSQL.
The values include records that specify allowed connection types, users, client IP addresses, and the authentication method.
Records in the YugabyteDB ysql_hba.conf
file are auto generated based on the values included in the --ysql_hba_conf_csv
flag.
For example, starting a YB-TServer with the following --ysql_hba_conf_csv
flag enables trust authentication for all users:
--ysql_hba_conf_csv='host all all 0.0.0.0/0 trust, host all all ::0/0 trust'
To display the current values in the ysql_hba.conf
file, run the following SHOW
statement to get the file location:
yugabyte=# SHOW hba_file;
hba_file
-------------------------------------------------------
/Users/yugabyte/yugabyte-data/node-1/disk-1/pg_data/ysql_hba.conf
(1 row)
and then view the file. Here is an example of ysql_hba.conf
file contents.
# This is an autogenerated file, do not edit manually!
host all all 0.0.0.0/0 trust
host all all ::0/0 trust
For more information, refer to Host-based authentication.