===== service postgresql =====

useflags:
> ''server threads zlib -doc -kerberos -ldap -libressl -nls -pam -perl -pg_legacytimestamp -python -readline (-selinux) -ssl -static-libs -tcl -uuid -xml''

==== diff /etc/postgresql-9.6/postgresql.conf ====
<code>
59a60
> listen_addresses = '*'
</code>

==== diff /etc/postgresql-9.6/pg_hba.conf ====
<code>
1,93c1,8
< # PostgreSQL Client Authentication Configuration File
< # ===================================================
< #
< # Refer to the "Client Authentication" section in the PostgreSQL
< # documentation for a complete description of this file.  A short
< # synopsis follows.
< #
< # This file controls: which hosts are allowed to connect, how clients
< # are authenticated, which PostgreSQL user names they can use, which
< # databases they can access.  Records take one of these forms:
< #
< # local      DATABASE  USER  METHOD  [OPTIONS]
< # host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
< # hostssl    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
< # hostnossl  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
< #
< # (The uppercase items must be replaced by actual values.)
< #
< # The first field is the connection type: "local" is a Unix-domain
< # socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
< # "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
< # plain TCP/IP socket.
< #
< # DATABASE can be "all", "sameuser", "samerole", "replication", a
< # database name, or a comma-separated list thereof. The "all"
< # keyword does not match "replication". Access to replication
< # must be enabled in a separate record (see example below).
< #
< # USER can be "all", a user name, a group name prefixed with "+", or a
< # comma-separated list thereof.  In both the DATABASE and USER fields
< # you can also write a file name prefixed with "@" to include names
< # from a separate file.
< #
< # ADDRESS specifies the set of hosts the record matches.  It can be a
< # host name, or it is made up of an IP address and a CIDR mask that is
< # an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
< # specifies the number of significant bits in the mask.  A host name
< # that starts with a dot (.) matches a suffix of the actual host name.
< # Alternatively, you can write an IP address and netmask in separate
< # columns to specify the set of hosts.  Instead of a CIDR-address, you
< # can write "samehost" to match any of the server's own IP addresses,
< # or "samenet" to match any address in any subnet that the server is
< # directly connected to.
< #
< # METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
< # "ident", "peer", "pam", "ldap", "radius" or "cert".  Note that
< # "password" sends passwords in clear text; "md5" is preferred since
< # it sends encrypted passwords.
< #
< # OPTIONS are a set of options for the authentication in the format
< # NAME=VALUE.  The available options depend on the different
< # authentication methods -- refer to the "Client Authentication"
< # section in the documentation for a list of which options are
< # available for which authentication methods.
< #
< # Database and user names containing spaces, commas, quotes and other
< # special characters must be quoted.  Quoting one of the keywords
< # "all", "sameuser", "samerole" or "replication" makes the name lose
< # its special character, and just match a database or username with
< # that name.
< #
< # This file is read on server startup and when the postmaster receives
< # a SIGHUP signal.  If you edit the file on a running system, you have
< # to SIGHUP the postmaster for the changes to take effect.  You can
< # use "pg_ctl reload" to do that.
< 
< # Put your actual configuration here
< # ----------------------------------
< #
< # If you want to allow non-local connections, you need to add more
< # "host" records.  In that case you will also need to make PostgreSQL
< # listen on a non-local interface via the listen_addresses
< # configuration parameter, or via the -i or -h command line switches.
< 
< # CAUTION: Configuring the system for local "trust" authentication
< # allows any local user to connect as any PostgreSQL user, including
< # the database superuser.  If you do not trust all your local users,
< # use another authentication method.
< 
< 
< # TYPE  DATABASE        USER            ADDRESS                 METHOD
< 
< # "local" is for Unix domain socket connections only
< local   all             all                                     trust
< # IPv4 local connections:
< host    all             all             127.0.0.1/32            trust
< # IPv6 local connections:
< host    all             all             ::1/128                 trust
< # Allow replication connections from localhost, by a user with the
< # replication privilege.
< #local   replication     postgres                                trust
< #host    replication     postgres        127.0.0.1/32            trust
< #host    replication     postgres        ::1/128                 trust
---
> host            all             postgres        127.0.0.1/32            trust
> host            all             postgres        192.168.5.0/24          trust
> hostnossl       tfr             tfr             0.0.0.0/0               md5
> hostnossl       lsb             lsb             0.0.0.0/0               md5
> hostnossl       gallery         gallery         0.0.0.0/0               md5
> hostnossl       pf              pf              0.0.0.0/0               md5
> hostnossl       mightymice      sloader         0.0.0.0/0               md5
> hostnossl       flt             flt             0.0.0.0/0               md5
</code>