summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBruce Momjian2023-11-03 18:03:22 +0000
committerBruce Momjian2023-11-03 18:03:22 +0000
commitd594e0daf79f9e55d5308074d1ef801e9da285ac (patch)
tree376a3c4a3e55f1eeb8d9d4e0659b801d2c1f564e
parent42d3125adae176cb7dcf7a4d896a78e615f6bbb4 (diff)
doc: move HBA reload instructions above the syntax details
Reported-by: John <[email protected]> Discussion: https://postgr.es/m/[email protected] Backpatch-through: master
-rw-r--r--doc/src/sgml/client-auth.sgml101
1 files changed, 51 insertions, 50 deletions
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index 2f1bd6fc8a..477f70a65d 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -74,6 +74,35 @@
</para>
<para>
+ The <filename>pg_hba.conf</filename> file is read on start-up and when
+ the main server process receives a
+ <systemitem>SIGHUP</systemitem><indexterm><primary>SIGHUP</primary></indexterm>
+ signal. If you edit the file on an
+ active system, you will need to signal the postmaster
+ (using <literal>pg_ctl reload</literal>, calling the SQL function
+ <function>pg_reload_conf()</function>, or using <literal>kill
+ -HUP</literal>) to make it re-read the file.
+ </para>
+
+ <note>
+ <para>
+ The preceding statement is not true on Microsoft Windows: there, any
+ changes in the <filename>pg_hba.conf</filename> file are immediately
+ applied by subsequent new connections.
+ </para>
+ </note>
+
+ <para>
+ The system view
+ <link linkend="view-pg-hba-file-rules"><structname>pg_hba_file_rules</structname></link>
+ can be helpful for pre-testing changes to the <filename>pg_hba.conf</filename>
+ file, or for diagnosing problems if loading of the file did not have the
+ desired effects. Rows in the view with
+ non-null <structfield>error</structfield> fields indicate problems in the
+ corresponding lines of the file.
+ </para>
+
+ <para>
The general format of the <filename>pg_hba.conf</filename> file is
a set of records, one per line. Blank lines are ignored, as is any
text after the <literal>#</literal> comment character.
@@ -733,35 +762,6 @@ openssl x509 -in myclient.crt -noout --subject -nameopt RFC2253 | sed "s/^subjec
range of allowed client IP addresses.
</para>
- <para>
- The <filename>pg_hba.conf</filename> file is read on start-up and when
- the main server process receives a
- <systemitem>SIGHUP</systemitem><indexterm><primary>SIGHUP</primary></indexterm>
- signal. If you edit the file on an
- active system, you will need to signal the postmaster
- (using <literal>pg_ctl reload</literal>, calling the SQL function
- <function>pg_reload_conf()</function>, or using <literal>kill
- -HUP</literal>) to make it re-read the file.
- </para>
-
- <note>
- <para>
- The preceding statement is not true on Microsoft Windows: there, any
- changes in the <filename>pg_hba.conf</filename> file are immediately
- applied by subsequent new connections.
- </para>
- </note>
-
- <para>
- The system view
- <link linkend="view-pg-hba-file-rules"><structname>pg_hba_file_rules</structname></link>
- can be helpful for pre-testing changes to the <filename>pg_hba.conf</filename>
- file, or for diagnosing problems if loading of the file did not have the
- desired effects. Rows in the view with
- non-null <structfield>error</structfield> fields indicate problems in the
- corresponding lines of the file.
- </para>
-
<tip>
<para>
To connect to a particular database, a user must not only pass the
@@ -933,6 +933,28 @@ local db1,db2,@demodbs all md5
As for <filename>pg_hba.conf</filename>, the lines in this file can
be include directives, following the same rules.
</para>
+
+ <para>
+ The <filename>pg_ident.conf</filename> file is read on start-up and
+ when the main server process receives a
+ <systemitem>SIGHUP</systemitem><indexterm><primary>SIGHUP</primary></indexterm>
+ signal. If you edit the file on an
+ active system, you will need to signal the postmaster
+ (using <literal>pg_ctl reload</literal>, calling the SQL function
+ <function>pg_reload_conf()</function>, or using <literal>kill
+ -HUP</literal>) to make it re-read the file.
+ </para>
+
+ <para>
+ The system view
+ <link linkend="view-pg-ident-file-mappings"><structname>pg_ident_file_mappings</structname></link>
+ can be helpful for pre-testing changes to the
+ <filename>pg_ident.conf</filename> file, or for diagnosing problems if
+ loading of the file did not have the desired effects. Rows in the view with
+ non-null <structfield>error</structfield> fields indicate problems in the
+ corresponding lines of the file.
+ </para>
+
<para>
There is no restriction regarding how many database users a given
operating system user can correspond to, nor vice versa. Thus, entries
@@ -1000,27 +1022,6 @@ mymap /^(.*)@otherdomain\.com$ guest
</tip>
<para>
- The <filename>pg_ident.conf</filename> file is read on start-up and
- when the main server process receives a
- <systemitem>SIGHUP</systemitem><indexterm><primary>SIGHUP</primary></indexterm>
- signal. If you edit the file on an
- active system, you will need to signal the postmaster
- (using <literal>pg_ctl reload</literal>, calling the SQL function
- <function>pg_reload_conf()</function>, or using <literal>kill
- -HUP</literal>) to make it re-read the file.
- </para>
-
- <para>
- The system view
- <link linkend="view-pg-ident-file-mappings"><structname>pg_ident_file_mappings</structname></link>
- can be helpful for pre-testing changes to the
- <filename>pg_ident.conf</filename> file, or for diagnosing problems if
- loading of the file did not have the desired effects. Rows in the view with
- non-null <structfield>error</structfield> fields indicate problems in the
- corresponding lines of the file.
- </para>
-
- <para>
A <filename>pg_ident.conf</filename> file that could be used in
conjunction with the <filename>pg_hba.conf</filename> file in <xref
linkend="example-pg-hba.conf"/> is shown in <xref