There is no “ fall-through” or “ backup”: if one record is chosen and the authentication fails, subsequent records are not considered. The first record with a matching connection type, client address, requested database, and user name is used to perform authentication. Backslash line continuation applies even within quoted text or comments.Įach authentication record specifies a connection type, a client IP address range (if relevant for the connection type), a database name, a user name, and the authentication method to be used for connections matching these parameters. Quoting one of the keywords in a database, user, or address field (e.g., all or replication) makes the word lose its special meaning, and just match a database, user, or host with that name. Fields can contain white space if the field value is double-quoted. (Backslashes are not special except at the end of a line.) A record is made up of a number of fields which are separated by spaces and/or tabs. A record can be continued onto the next line by ending the line with a backslash. Blank lines are ignored, as is any text after the # comment character. The general format of the pg_hba.conf file is a set of records, one per line. It is possible to place the authentication configuration file elsewhere, however see the hba_file configuration parameter. ( HBA stands for host-based authentication.) A default pg_hba.conf file is installed when the data directory is initialized by initdb. Client authentication is controlled by a configuration file, which traditionally is named pg_hba.conf and is stored in the database cluster's data directory.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |