Module-6

Configuration
Files
Module Objective:
• Postgresql.conf File
• Pg Catalog tables to view File settings
• Postgresql.auto.conf
• Pg_ident.conf with sample
• Pg_hba.conf with sample
Postgresql.conf File

• Postgresql.conf file contains parameters to help configure and

manage performance of the database server.
• Initdb installs a default copy of postgresql.conf and is usually located
in data directory.
• The file follows one parameter per line format.
• Parameters which requires restart are clearly marked in the file.
• Many parameter needs a server restart to take effect.
Pg Catalog tables
• Pg_settings table provides access to run-time parameters of the server.
• It is a alternate interface to SHOW command.
• Pg_file_settings provides a summary of the contents of the server's
configuration file.
• This view is helpful for checking whether planned changes in the
configuration files will work
• Each “name = value” entry appearing in the files has a corresponding
applied column.
Change parameters in Postgresql.conf
• Check the value to be modified
• Backup the file before making modifications.
• Remove the # from the parameter to edit (if the # exist)
• Check the parameter needs a restart of postgresql.
• Edit the existing value with desired value.
• Restart postgres
• Check the value via pg catalog tables
Postgresql.auto.conf

• This file hold settings provided through Alter system command.

• Settings in postgresql.auto.conf overrides the settings in
postgresql.conf.
• ”Alter system” command provides a SQL-accessible means of
changing global defaults.
• Syntax : ALTER SYSTEM SET configuration_parameter = 'value'
• Syntax to reset : ALTER SYSTEM RESET configuration_parameter;
• Syntax to reset all : ALTER SYSTEM RESET ALL;
Pg_ident.conf

• Configuration to indicate which map to use for each individual connection.

• User name maps are defined in the ident map file.
• Pg_ident.conf file is read on start-up and any changes needs pg_ctl reload
• Operating system user that initiated the connection might not be the same
as the database user.
• User name map can be applied to map the operating system user name to
a database user.
• pg_ident.conf is used in conjuction with pg_hba.conf.
Pg_ident.conf - Sample

• # MAP IDENT POSTGRESQL_USERNAME

• sales rmartin sales
• sales jpenny sales
• audit auditor sales
• audit auditor postgres
• The file shown in allows either of the system users rmartin or jpenny to
connect as the PostgreSQL sales user, and allows the system user
named auditor to connect to PostgreSQL as either sales, or postgres.
Pg_hba.conf

• Enables client authentication between the PostgreSQL server and the

client application.
• HBA means host based authentication.
• PostgreSQL receives a connection request it will check the ”pg_hba.conf”
file to verify that the machine from which the application is requesting a
connection has rights to connect to the specified database.
• PostgreSQL rejects a connection if an entry is not found in pg_hba.conf
file.
Pg_hba.conf - Sample
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 md5
(/32 is a network mask)
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust
Pg_hba.conf - Type
• Host: is used to specify remote hosts that are allowed to connect to the
PostgreSQL server. PostgreSQL's postmaster backend must be running
with the -i option (TCP/IP) in order for a host entry to work correctly.
• Local : is semantically the same as a host entry. However, you do not need
to specify a host that is allowed to connect. The local entry is used for
client connections that are initiated from the same machine that the
PostgreSQL server is operating on.
• Hostssl: is user to specify hosts (remote or local) that are allowed to
connect to the PostgreSQL server using SSL.
Pg_hba.conf - Database
• This is the database name that the specified host is allowed to
connect to. The database keyword has three possible values:
• All : keyword specifies that the client connecting can connect to any
database the PostgreSQL server is hosting.
• Same user : keyword specifies that the client can only connect to a
database that matches the clients authenticated user name.
• Name : Client can only connect to the database as specified by name .
Pg_hba.conf - ip_addr , netmask
• The ip_addr and netmask fields specify either a specific IP address, or
range of IP addresses, that are allowed to connect to the PostgreSQL
server.
• Range can by specified by describing an IP network with an
associated netmask.
• For single IP address the netmask field should be set
to 255.255.255.255.
Pg_hba.conf- Authentication
• The Authentication method specifies the type of authentication the server should use for a user
trying to connect to PostgreSQL.
• Trust :This method allows any user from the defined host to connect to a PostgreSQL database
without the use of a password, as any PostgreSQL user. You are trusting the host-based
authentication with the use of this method, and any user on the specified host. This is a dangerous
condition if the specified host is not a secure machine, or provides access to users unknown to you.
• Reject : This method automatically denies access to PostgreSQL for that host or user. This can be a
prudent setting for sites that you know are never allowed to connect to your database server.
• Password :This method specifies that a password must exist for a connecting user. The use of this
method will require the connecting user to supply a password that matches the password found in
the database.
Cont… Authentication Method
• Crypt : This method is similar to the password method. When using crypt, the password
is not sent in clear text, but through a simple form of encryption. The use of this method
is not very secure, but is better than using the clear text password method.
• Krb4, krb5 : This methods are used to specify Version 4 or 5 of the Kerberos
authentication system.
• Ident : This method specifies that an ident map should be used when a host is requesting
connections from a valid IP address listed in the pg_hba.conf file. This method requires
one option.
• The required option may be either the special term sameuser, or a named map that is
defined within the pg_ident.conf file.
Steps to modify pg_hba.conf
• Stop postgresql on the source machine.
• Edit pg_hba.conf file and add the entry of client.
• Change the authentication method to Trust or md5(depending on requirement)
• Edit parameter in pg_hba.conf to listen_addresses = '*‘ or ip address
• Start postgres on the source machine.
• Connection psql -U postgres –h hostname from client.
• Depending on the authentication method choosen the client may or maynot
prompt for password.
Thank You. 