Hi,
OK you are talking about host connections.
ident maps to peer for local connections, so for these I would suggest implementing local directly.
For host connections I like the idea of reject. If I remember correctly the listen_addresses must be configured anyway (for remote access).
Regards
Markus
Hi,
we use peer authentication for local connections.
local all postgres peer
By doing so you can just use #>psql as postgres-User (or using sudo -u postgres -i psql).
Could be a valid default.
Yes. I'm aware of that and think it's the sensible default for 'local' connections.
I'm talking about 'host' connections for 127.0.0.1 and ::1 . The current default for that is nonsensical IMO.