From the objective of OSS-DB Exam Silver
- Operation and Management - configuration file
Sample Question
1.34
Choose two appropriate descriptions about authentication settings using the pg_hba.conf file.
- For security reasons, password entry is mandatory regardless of the type of authentication method you have specified.
- Instead of storing the password in the database body, you can use an external server such as LDAP.
- In order to connect to the database, the user name must be registered in pg_hba.conf.
- It is possible to specify different authentication methods depending on the network and host of the connection source.
- When the authentication method is not specified, password authentication is done by default.
※This sample exam is different from those that appear in the actual OSS-DB Exam.
2019/03/04
Answer and Explanation
hba in pg_hba.conf stands for Host Based Authentication. You can specify the authentication method for each host or network to which the database is connected and for each database name and user name of the connection destination.
In addition to password authentication (md 5), there are many authentication methods such as substituting for user authentication of OS (ident), using LDAP server (ldap), using client certificate (cert). In some methods, password input is unnecessary.
In addition to password authentication (md 5), there are many authentication methods such as substituting for user authentication of OS (ident), using LDAP server (ldap), using client certificate (cert). In some methods password input is unnecessary.
In each line of pg_hba.conf, the user name is also described, but by specifying ""all"" as the user name, it is possible to describe all the authentication methods of all users collectively, so it is necessary to register each user in pg_hba.conf There is no (although it is different when changing the authentication method for each user).
If the authentication method line corresponding to the combination of the connection source host, destination database, and user name does not exist in pg_hba.conf, the connection is refused.
In each line of pg_hba.conf, the user name is also described, but by specifying all as the user name, you can write all the authentication methods of all users at once. Therefore, it is not necessary to register individual users in pg_hba.conf. (However, it is different when changing the authentication method for each user.)
If the authentication method line corresponding to the combination of the connection source host, destination database, and user name does not exist in pg_hba.conf, the connection is refused.
Therefore, the correct answers are B and D.