diff --git a/defaults/main.yml b/defaults/main.yml
index 69c8576..72065d0 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -28,3 +28,8 @@ postgres_tls_source_use_content: False
 postgres_tls_source_use_files: True
 postgres_tls_cert_source: mycert.pem
 postgres_tls_key_source: mykey.pem
+
+postgresql_hba_entries:
+ - {type: local, database: all, user: all, auth_method: md5}
+ - {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5}
+ - {type: host, database: all, user: all, address: '::1/128', auth_method: md5}
diff --git a/tasks/config.yml b/tasks/config.yml
index d45b66a..fab67ba 100644
--- a/tasks/config.yml
+++ b/tasks/config.yml
@@ -6,5 +6,10 @@
 dest: "{{ __postgres_config_path }}/postgresql.conf"
 mode: 0600
 notify: __postgres_restart
+ - name: Setup client authentication
+ template:
+ src: postgresql/data/pq_hba.conf.j2
+ dest: "{{ __postgres_config_path }}/pg_hba.conf"
+ mode: 0600
 become: True
 become_user: root
diff --git a/templates/postgresql/data/pg_hba.conf.j2 b/templates/postgresql/data/pg_hba.conf.j2
new file mode 100644
index 0000000..bbcaeac
--- /dev/null
+++ b/templates/postgresql/data/pg_hba.conf.j2
@@ -0,0 +1,10 @@
+{{ ansible_managed | comment }}
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# See: https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
+
+# TYPE DATABASE USER ADDRESS METHOD
+{% for client in postgresql_hba_entries %}
+{{ client.type }} {{ client.database }} {{ client.user }} {{ client.address|default('') }} {{ client.ip_address|default('') }} {{ client.ip_mask|default('') }} {{ client.auth_method }} {{ client.auth_options|default("") }}
+{% endfor %}
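Review bot: All three default `postgresql_hba_entries` use `auth_method: md5`, PostgreSQL's legacy password scheme; on servers that support it, `scram-sha-256` is the stronger default, e.g. `- {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: scram-sha-256}`. Stored passwords must then be SCRAM hashes as well, which depends on the server's `password_encryption` setting. The `local` entry also requires a password from the `postgres` superuser on the Unix socket, so any task that relies on peer authentication would presumably stop working; this should be confirmed against the role's other tasks, which are not visible in this hunk. The new variable uses a `postgresql_` prefix while the neighbouring defaults use `postgres_`.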
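Review bot: The new task's `src` points at `postgresql/data/pq_hba.conf.j2`, but the template this commit adds is `templates/postgresql/data/pg_hba.conf.j2`, so the lookup will fail and no pg_hba.conf is written; it should read `src: postgresql/data/pg_hba.conf.j2`. Unlike the postgresql.conf task above it, the task has no `notify`, so changed authentication rules will not take effect until something else restarts or reloads the server; adding `notify: __postgres_restart` (or a reload handler, if the role has one) closes that gap. `mode: 0600` is safer quoted as `mode: '0600'` so it is never read as an integer. The enclosing task list starts before the hunk and indentation is not preserved on this page, so it is unclear whether the trailing `become` lines apply to the new task or to a wrapping block.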
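Review bot: The entry line inside the `for` loop writes every field of `postgresql_hba_entries` into pg_hba.conf unchecked, so a `host` entry without `address`, or one that sets both `address` and `ip_mask`, renders a line PostgreSQL rejects, and that only surfaces at the next reload or restart. A Jinja comment above the loop would document the contract, e.g. `{# keys: type, database, user, address (or ip_address + ip_mask), auth_method, auth_options; an address is required unless type is local #}`. An `assert` task ahead of the template task could enforce the same rule before the file is replaced. Database or user names containing whitespace would also need quoting in pg_hba.conf, which the template does not do.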