diff options
author | Jade <software@lfcode.ca> | 2020-10-31 00:35:19 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-31 03:35:19 -0400 |
commit | 2df221ec8a95566ba771f102fd421c12b41d875c (patch) | |
tree | 8b3fd19a672844913758aceec2b45971c83e1276 | |
parent | 0544a7f672749c88b7569f49b33ed5f2437a2e15 (diff) | |
download | nixlib-2df221ec8a95566ba771f102fd421c12b41d875c.tar nixlib-2df221ec8a95566ba771f102fd421c12b41d875c.tar.gz nixlib-2df221ec8a95566ba771f102fd421c12b41d875c.tar.bz2 nixlib-2df221ec8a95566ba771f102fd421c12b41d875c.tar.lz nixlib-2df221ec8a95566ba771f102fd421c12b41d875c.tar.xz nixlib-2df221ec8a95566ba771f102fd421c12b41d875c.tar.zst nixlib-2df221ec8a95566ba771f102fd421c12b41d875c.zip |
nixos/postgresql: fix inaccurate docs for authentication (#97622)
* nixos/postgresql: fix inaccurate docs for authentication We actually use peer authentication, then md5 based authentication. trust is not used. * Use a link for mkForce docs Co-authored-by: aszlig <aszlig@redmoonstudios.org> Co-authored-by: lf- <lf-@users.noreply.github.com> Co-authored-by: aszlig <aszlig@redmoonstudios.org>
-rw-r--r-- | nixos/modules/services/databases/postgresql.nix | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index 5056d50153f6..f582b0592774 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix @@ -69,11 +69,16 @@ in type = types.lines; default = ""; description = '' - Defines how users authenticate themselves to the server. By - default, "trust" access to local users will always be granted - along with any other custom options. If you do not want this, - set this option using "lib.mkForce" to override this - behaviour. + Defines how users authenticate themselves to the server. See the + <link xlink:href="https://www.postgresql.org/docs/current/auth-pg-hba-conf.html"> + PostgreSQL documentation for pg_hba.conf</link> + for details on the expected format of this option. By default, + peer based authentication will be used for users connecting + via the Unix socket, and md5 password authentication will be + used for users connecting via TCP. Any added rules will be + inserted above the default rules. If you'd like to replace the + default rules entirely, you can use <function>lib.mkForce</function> in your + module. ''; }; |