Modify Configuration file

Authentication Config File

pg_hba.conf is the host-based authentication configuration file (hba stands for host-based authentication). Its common format is a set of records, one per line. Each record declares a connection type, a client IP address range, a database name, a user name, and the authentication method to use for connections that match these parameters, in the form:

TYPE DATABASE USER CIDR-ADDRESS METHOD

The usage of these parameters is described in detail below.

  • TYPE

    TYPE declares the connection type that the record matches. There are four connection types: local, host, hostssl, and hostnossl.

    • local: Matches connection attempts through a Unix domain socket. Without a record of this type, Unix domain socket connections are not allowed.
    • host: Matches connection attempts over TCP/IP. The host record matches SSL and non-SSL connection requests.

      Unless the server is started with an appropriate value for the listen_addresses configuration parameter, remote TCP/IP connections will not be possible, because the default behavior is to listen only for connections from the local address (localhost).

    • hostssl: Matches connection attempts over TCP/IP that use SSL. The connection must be SSL-encrypted, and SSL must be turned on in postgresql.conf, that is, "ssl = on".
    • hostnossl: The reverse of hostssl; it only matches connection attempts over TCP/IP that do not use SSL.
  • DATABASE

    Declares the database name that the record matches. A value of "all" indicates that the record matches all databases; a value of "sameuser" indicates a match if the requested database has the same name as the requesting user; the value "samerole" means that the requesting user must be a member of a group with the same name as the database ("samegroup" is a synonym for "samerole" which is obsolete but still accepted). In other cases, this is the name of a particular PostgreSQL database. Multiple databases can be declared by separating them with commas, and a separate file containing database names can be declared by prefixing the file name with @.

  • USER

    Declares the matching database user. The value "all" indicates that it matches all users; otherwise, it is the name of a particular database user, or a group name with a prefix of +. (Note that in PostgreSQL there is no real distinction between user and group; + really just means "match any member directly or indirectly belonging to this role," whereas a name without a + only matches the specified role.) You can declare multiple user names by separating them with commas, and you can declare a file that contains user names by prefixing the file name with @.

  • CIDR-ADDRESS

    Declares the IP address range of the client machines that this record matches. It contains a standard dotted-decimal IP address and a CIDR mask length (IP addresses can only be given as numeric values, not as domain or host names). The mask length indicates the number of high-order bits of the client IP address that must match. In the given IP address, the bits to the right of this length must be zero. There must be no white space between the IP address, the '/', and the CIDR mask length.

    A typical CIDR-ADDRESS is 172.20.143.89/32, which is one host, or 172.20.143.0/24, which is one network. To declare a single host, use a CIDR mask of 32 for an IPv4 address and 128 for an IPv6 address.

    An IP address given in IPv4 format will match IPv6 connections that have the corresponding address; for example, 127.0.0.1 will match the IPv6 address ::ffff:127.0.0.1. A record given in IPv6 format will only match IPv6 connections, even if the corresponding address is in the IPv4-in-IPv6 range. Note that if the system's C library does not support IPv6 addresses, the IPv6 format will be rejected.

    This field applies only to host, hostssl, and hostnossl records.

  • METHOD

    Declares the authentication method used for connections that match this record. PostgreSQL provides five authentication methods, namely trust, reject, md5, crypt, and password.

    • trust: This method allows any user who can connect to the PostgreSQL database server to connect as any PostgreSQL database user they want, without a password.
    • reject: The connection is unconditionally rejected. Often used to "filter" certain hosts from a group.
    • md5: The client is required to provide an MD5-encrypted password for authentication.
    • crypt: Requires the client to provide a crypt()-encrypted password for authentication. This option is only recommended when communicating with clients prior to 7.2. It is now recommended to use the md5 authentication method.
    • password: Requires the client to provide an unencrypted password for authentication. Because passwords are passed over the network in clear text, this method should not be used on untrusted networks, and it generally cannot be used with threaded client applications.

For example, any host with an IP address of 192.168.93.x is allowed to connect to the "postgres" database, and these hosts need to provide the correct password to connect. This record reads:

TYPE DATABASE USER CIDR-ADDRESS METHOD
host postgres all 192.168.93.0/24 md5
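
The following checker is an added example, not part of the original page or of PostgreSQL itself. It parses records in the form described above and flags the risks the text calls out: trust, clear-text password on records not restricted to SSL, and CIDR addresses whose bits to the right of the mask are not zero. The function names and the sample file are constructed for illustration.

```python
import ipaddress

NETWORK_TYPES = {"host", "hostssl", "hostnossl"}

# Constructed sample file in the TYPE DATABASE USER CIDR-ADDRESS METHOD form.
SAMPLE = """\
# TYPE    DATABASE  USER  CIDR-ADDRESS      METHOD
local     all       all                     md5
host      postgres  all   192.168.93.0/24   md5
host      all       all   0.0.0.0/0         trust
host      appdb     app   172.20.143.89/24  md5
hostnossl appdb     +ops  10.0.0.0/8        password
hostssl   appdb     app   172.20.143.89/32  password
"""

def parse_record(line):
    """Return one record as a dict, or None for a blank or comment line."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    keys = ["type", "database", "user", "cidr", "method"]
    if fields[0] == "local" and len(fields) >= 4:
        fields.insert(3, None)  # local records carry no CIDR-ADDRESS field
    elif fields[0] not in NETWORK_TYPES or len(fields) < 5:
        raise ValueError("unrecognised record: " + line.strip())
    return dict(zip(keys, fields))

def audit(text):
    """Return (line number, finding) pairs for risky or malformed records."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        rec = parse_record(line)
        if rec is None:
            continue
        if rec["method"] == "trust":
            findings.append((lineno, "trust: any user accepted without a password"))
        if rec["method"] == "password" and rec["type"] in ("host", "hostnossl"):
            findings.append((lineno, "password: sent in clear text unless SSL is used"))
        if rec["cidr"] is not None:
            try:  # strict=True rejects non-zero bits right of the mask length
                net = ipaddress.ip_network(rec["cidr"], strict=True)
            except ValueError:
                findings.append((lineno, "CIDR-ADDRESS invalid or host bits not zero"))
                continue
            if net.prefixlen == 0:
                findings.append((lineno, "CIDR-ADDRESS matches every client address"))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```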

Database Config File

postgresql.conf is the database configuration file. It provides a number of database configuration parameters, including file locations, connections and authentication, resource consumption, write-ahead log, query planning, error reporting and logging, runtime statistics, autovacuum, client connection defaults, lock management, version and platform compatibility, preset options, and customized options. These parameters are commented out until they are set. Refer to the PostgreSQL documentation for how to set them. Only two parameters need to be modified when configuring a remote connection: listen_addresses and port. Uncomment them and set them as follows:

  listen_addresses = '*'
  port = 5432
