Configure client authentication in YSQL

docs/content/v2.20/secure/enable-authentication/ysql_hba_conf-configuration.md

YugabyteDB client authentication for YSQL is managed by the YB-TServer --ysql_hba_conf_csv configuration flag, which works similarly to the pg_hba.conf file in PostgreSQL.

The values include records that specify allowed connection types, users, client IP addresses, and the authentication method.

Records in the YugabyteDB ysql_hba.conf file are autogenerated based on the values included in the --ysql_hba_conf_csv flag.

For example, starting a YB-TServer with the following --ysql_hba_conf_csv flag enables trust authentication for all users, so any client that can reach the node over IPv4 or IPv6 connects without a password:

```sh
--ysql_hba_conf_csv='host all all 0.0.0.0/0 trust, host all all ::0/0 trust'
```

To display the current values in the ysql_hba.conf file, run the following SHOW statement to get the file location:

```sql
yugabyte=# SHOW hba_file;
```

```output
                     hba_file
-------------------------------------------------------
 /Users/yugabyte/yugabyte-data/node-1/disk-1/pg_data/ysql_hba.conf
(1 row)
```

Then view the file. The following is an example of ysql_hba.conf file contents:

```output
# This is an autogenerated file, do not edit manually!
host all all 0.0.0.0/0 trust
host all all ::0/0 trust
```
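
To review a flag value before starting a YB-TServer, the following sketch (an added example, not part of the YugabyteDB documentation or code) splits a --ysql_hba_conf_csv value into records and reports those that use trust, noting when the address range matches every client. The function names are hypothetical, and the double-quote handling for records that contain commas is an assumption.

```python
import csv
import ipaddress

def parse_hba_csv(flag_value):
    """Split a --ysql_hba_conf_csv value into one field list per record."""
    # Assumption: records are comma-separated and a record that itself
    # contains a comma is wrapped in double quotes, as in ordinary CSV.
    row = next(csv.reader([flag_value], skipinitialspace=True))
    return [rec.split() for rec in row if rec.strip()]

def address_and_method(fields):
    """Return (address, method); address is None for 'local' records."""
    if fields[0] == "local":              # local db user method [options]
        return None, fields[3]
    address, rest = fields[3], fields[4:]
    try:                                  # host db user IP netmask method
        address, rest = f"{address}/{ipaddress.ip_address(rest[0])}", rest[1:]
    except ValueError:
        pass                              # host db user CIDR method
    return address, rest[0]

def is_open_range(address):
    """True when the address field matches every client address."""
    if address == "all":
        return True
    try:
        return ipaddress.ip_network(address, strict=False).prefixlen == 0
    except ValueError:
        return False                      # hostname, samehost, samenet, ...

def audit(flag_value):
    """Return (record, finding) pairs for records that use trust."""
    findings = []
    for fields in parse_hba_csv(flag_value):
        try:
            address, method = address_and_method(fields)
        except IndexError:
            findings.append((" ".join(fields), "malformed record"))
            continue
        if method == "trust":
            open_to_all = address is not None and is_open_range(address)
            findings.append((" ".join(fields),
                             "trust from any address" if open_to_all else "trust"))
    return findings

if __name__ == "__main__":
    # First value is the example from this page; the second is constructed.
    for value in ("host all all 0.0.0.0/0 trust, host all all ::0/0 trust",
                  "host all all 10.0.0.0/8 md5, host all yugabyte 127.0.0.1/32 trust"):
        for record, finding in audit(value):
            print(f"{finding}: {record}")
```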

For more information, refer to Host-based authentication.