This is useful for
          <quote>filtering out</quote> certain hosts from a group, for example a
          <literal>reject</literal> line could block a specific host from connecting,
          while a later line allows the remaining hosts in a specific
          network to connect.
         </para>
        </listitem>
       </varlistentry>

       <varlistentry>
        <term><literal>scram-sha-256</literal></term>
        <listitem>
         <para>
          Perform SCRAM-SHA-256 authentication to verify the user's
          password. See <xref linkend="auth-password"/> for details.
         </para>
        </listitem>
       </varlistentry>

       <varlistentry>
        <term><literal>md5</literal></term>
        <listitem>
         <para>
          Perform SCRAM-SHA-256 or MD5 authentication to verify the
          user's password. See <xref linkend="auth-password"/>
          for details.
         </para>
         <warning>
          <para>
           Support for MD5-encrypted passwords is deprecated and will be
           removed in a future release of
           <productname>PostgreSQL</productname>.  Refer to
           <xref linkend="auth-password"/> for details about migrating to
           another password type.
          </para>
         </warning>
        </listitem>
       </varlistentry>

       <varlistentry>
        <term><literal>password</literal></term>
        <listitem>
         <para>
          Require the client to supply an unencrypted password for
          authentication.
          Since the password is sent in clear text over the
          network, this should not be used on untrusted networks.
          See <xref linkend="auth-password"/> for details.
         </para>
        </listitem>
       </varlistentry>

       <varlistentry>
        <term><literal>gss</literal></term>
        <listitem>
         <para>
          Use GSSAPI to authenticate the user. This is only
          available for TCP/IP connections. See <xref
          linkend="gssapi-auth"/> for details.  It can be used in conjunction
          with GSSAPI encryption.
         </para>
        </listitem>
       </varlistentry>

       <varlistentry>
        <term><literal>sspi</literal></term>
        <listitem>
         <para>
          Use SSPI to authenticate the user. This is only
          available on Windows. See <xref
          linkend="sspi-auth"/> for details.
         </para>
        </listitem>
       </varlistentry>

       <varlistentry>
        <term><literal>ident</literal></term>
        <listitem>
         <para>
          Obtain the operating system user name of the client
          by contacting the ident server on the client
          and check if it matches the requested database user name.
          Ident authentication can only be used on TCP/IP
          connections. When specified for local connections, peer
          authentication will be used instead.
          See <xref linkend="auth-ident"/> for details.
         </para>
        </listitem>
       </varlistentry>

       <varlistentry>
        <term><literal>peer</literal></term>
        <listitem>
         <para>
          Obtain the client's operating system user name from the operating
          system and check if it matches the requested database user name.
          This is only available for local connections.
          See <xref linkend="auth-peer"/> for details.
         </para>
        </listitem>
       </varlistentry>

       <varlistentry>
        <term><literal>ldap</literal></term>
        <listitem>
         <para>
          Authenticate using an <acronym>LDAP</acronym> server. See <xref
          linkend="auth-ldap"/> for details.
         </para>
        </listitem>
       </varlistentry>

       <varlistentry>
        <term><literal>radius</literal></term>
        <listitem>
         <para>
          Authenticate using a RADIUS server. See <xref
          linkend="auth-radius"/> for details.
         </para>
        </listitem>