You can configure a loopback interface only from the CLI; you cannot configure a loopback interface from the WebAgent or Menu interface.

Loopback interfaces share the same IP address space with VLAN configurations. The maximum number of IP addresses supported on a switch is 2048, which includes all IP addresses configured for both VLANs and loopback interfaces (except for the default loopback IP address 127.0.0.1).

Each IP address that you configure on a loopback interface must be unique in the switch. This means that the address cannot be used by a VLAN interface or another loopback interface. For example, if you configure a VLAN with IP address 172.16.100.8/24, you cannot configure a loopback interface with IP address 172.16.100.8. In the same way, if you configure a loopback interface (lo1) with IP address 172.16.101.8, you cannot configure another loopback interface (lo2) with IP address 172.16.101.8.

You can configure multiple IP addresses on a loopback interface (lo0 to lo7). Up to thirty-two IP addresses are supported on a loopback interface. The following example shows valid IP address configurations on two loopback interfaces.

Client authentication is controlled by a configuration file, which traditionally is named pg_hba.conf and is stored in the database cluster's data directory. (HBA stands for host-based authentication.) A default pg_hba.conf file is installed when the data directory is initialized by initdb. It is possible to place the authentication configuration file elsewhere, however; see the hba_file configuration parameter.

The general format of the pg_hba.conf file is a set of records, one per line. Blank lines are ignored, as is any text after the # comment character. A record can be continued onto the next line by ending the line with a backslash. (Backslashes are not special except at the end of a line.) A record is made up of a number of fields which are separated by spaces and/or tabs. Fields can contain white space if the field value is double-quoted. Quoting one of the keywords in a database, user, or address field (e.g., all or replication) makes the word lose its special meaning, and just match a database, user, or host with that name. Backslash line continuation applies even within quoted text or comments.

Each record specifies a connection type, a client IP address range (if relevant for the connection type), a database name, a user name, and the authentication method to be used for connections matching these parameters. The first record with a matching connection type, client address, requested database, and user name is used to perform authentication. There is no “fall-through” or “backup”: if one record is chosen and the authentication fails, subsequent records are not considered.

    hostssl       database  user  address  auth-method
    hostnossl     database  user  address  auth-method
    hostgssenc    database  user  address  auth-method
    hostnogssenc  database  user  address  auth-method
    host          database  user  IP-address  IP-mask  auth-method
    hostssl       database  user  IP-address  IP-mask  auth-method
    hostnossl     database  user  IP-address  IP-mask  auth-method
    hostgssenc    database  user  IP-address  IP-mask  auth-method
    hostnogssenc  database  user  IP-address  IP-mask  auth-method

Remote TCP/IP connections will not be possible unless the server is started with an appropriate value for the listen_addresses configuration parameter, since the default behavior is to listen for TCP/IP connections only on the local loopback address localhost.

This record matches connection attempts made using TCP/IP, but only when the connection is made with SSL encryption. To make use of this option the server must be built with SSL support. Furthermore, SSL must be enabled by setting the ssl configuration parameter (see Section 19.9 for more information). Otherwise, the hostssl record is ignored except for logging a warning that it cannot match any connections.

This record type has the opposite behavior of hostssl; it only matches connection attempts made over TCP/IP that do not use SSL.

This record matches connection attempts made using TCP/IP, but only when the connection is made with GSSAPI encryption. To make use of this option the server must be built with GSSAPI support. Otherwise, the hostgssenc record is ignored except for logging a warning that it cannot match any connections.

This record type has the opposite behavior of hostgssenc; it only matches connection attempts made over TCP/IP that do not use GSSAPI encryption.

Specifies which database name(s) this record matches. The value all specifies that it matches all databases. The value sameuser specifies that the record matches if the requested database has the same name as the requested user. The value samerole specifies that the requested user must be a member of the role with the same name as the requested database.
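The pg_hba.conf matching rules on this page (the first matching record decides, there is no fall-through, and a quoted keyword loses its special meaning) can be checked with a small audit script. This is an added example, not code from the page or from PostgreSQL; the sample records and all function names are assumptions, and it models only the TCP/IP record types with CIDR addresses and the all and sameuser keywords (samerole, the IP-mask form and line continuation are left out).

```python
import ipaddress
import shlex
from collections import namedtuple

Rec = namedtuple("Rec", "line type db user net method")
# Constructed sample records (assumption, not from the page).
SAMPLE = '''\
host       all       all  10.0.0.0/8      trust  # broad rule placed first
hostssl    sales     all  10.1.2.0/24     scram-sha-256
hostnossl  all       all  0.0.0.0/0       reject
hostssl    sameuser  all  0.0.0.0/0       scram-sha-256
host       "all"     app  192.168.0.0/16  scram-sha-256
'''

def parse(text):
    recs = []
    for n, line in enumerate(text.splitlines(), 1):
        # posix=False keeps the double quotes, so quoted keywords stay visible
        f = shlex.split(line, comments=True, posix=False)
        if len(f) >= 5:  # type, database, user, address (CIDR), auth-method
            recs.append(Rec(n, f[0], f[1], f[2], ipaddress.ip_network(f[3]), f[4]))
    return recs

def type_ok(rtype, ssl, gssenc):
    return {"host": True, "hostssl": ssl, "hostnossl": not ssl,
            "hostgssenc": gssenc, "hostnogssenc": not gssenc}.get(rtype, False)

def name_ok(field, value, user=None):
    if field.startswith('"'):  # quoted keyword is only a literal name
        return field[1:-1] == value
    return field in ("all", value) or (field == "sameuser" and value == user)

def first_match(recs, ip, database, user, ssl=False, gssenc=False):
    """Return (line, method) of the first matching record, or None."""
    client = ipaddress.ip_address(ip)
    for r in recs:
        if (type_ok(r.type, ssl, gssenc) and client in r.net
                and name_ok(r.db, database, user) and name_ok(r.user, user)):
            return r.line, r.method  # no fall-through to later records
    return None

def shadowed(recs):
    """(line, earlier_line) pairs where the earlier record always wins."""
    def wins(e, r):  # e matches every connection that r would match
        return (e.type in ("host", r.type) and e.db in ("all", r.db)
                and e.user in ("all", r.user) and e.net.version == r.net.version
                and r.net.subnet_of(e.net))
    return [(r.line, e.line) for i, r in enumerate(recs)
            for e in recs[:i] if wins(e, r)]
```

In the sample, the scram-sha-256 record on line 2 is never reached because the broader record on line 1 matches the same connections first; `shadowed()` reports such pairs so the file can be reordered.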