Database Administration - PostgreSQL: Up and Running

Database Reference

In-Depth Information

A common culprit is setting shared_buffers too high. Another suspect is an old

postmaster.pid left over from a failed shutdown. You can safely delete this file, which is

located in the data cluster folder, and try restarting again.

pg_hba.conf

The pg_hba.conf file controls which and how users can connect to PostgreSQL databa‐

ses. Changes to the file require a reload or a server restart to take effect. A typical

pg_hba.conf looks like Example 2-3 .

Example 2-3. Sample pg_hba.conf

# TYPE DATABASE USER ADDRESS METHOD

# IPv4 local connections:

host all all 127.0.0.1/32 ident

# IPv6 local connections:

host all all ::1/128 trust

host all all 192.168.54.0/24 md5

hostssl all all 0.0.0.0/0 md5

# Allow replication connections from localhost, by a user with the

# replication privilege.

#host replication postgres 127.0.0.1/32 trust

#host replication postgres ::1/128 trust

Authentication method. The usual choices are ident , trust , md5 , and pass

word . Version 9.1 introduced the peer authentication method. The ident and

peer options are available only on Linux, Unix, and the Mac, not on Windows.

More esoteric options, such as gss , radius , ldap , and pam , may not always be

installed.

IPv4 syntax for defining network range. The first part—in this case,

192.168.54.0 —is the network address, followed by /24 as the bit mask. In our

pg_hba.conf , we allow anyone in our subnet of 192.168.54.0 to connect as long

as they provide a valid md5 hashed password.

IPv6 syntax for defining network range. This applies only to servers with IPv6

support and may prevent pg_hba.conf from loading if you add this section

without actually having IPv6 networking.

SSL connection rule. In our example, we allow anyone to connect to our server

as long as they connect using SSL and have a valid md5 password.

Definition of a range of IP addresses allowed to replicate with this server. This

is new in version 9.0. These lines are remarked out in this example.

For each connection request, the postgres service checks the pg_hba.conf file from the

top down. As soon as a rule granting access is encountered, processing stops and the

connection is allowed. As soon as a rule rejecting access is encountered, processing stops

and the connection is denied. If the end of the file is reached without any matching

Search WWH ::

Custom Search

Home