5.24. Authentication

5.24. Authentication
Prev	Up	Chapter 5. Using PPEM	Home	Next

5.24. Authentication #

PPEM allows viewing authentication rules based on the host name of the instance (host-based authentication; HBA) and editing them. These rules are specified in the pg_hba.conf configuration file.

Viewing Authentication Rules

In the navigation panel, go to Infrastructure → Instances.
Click the name of the instance.
In the navigation panel, go to Authentication.

The table with the pg_hba.conf configuration file information and the following columns will be displayed:

Type: The type of the connection.
Possible values:
- local
- host
- hostssl
- hostnossl
- hostgssenc
- hostnogssenc
Database: The databases to which the authentication rule applies.
The all value means that the rule applies to all databases.
User: The users and groups to which the authentication rule is applied.
The all value means that the rule applies to all users.
Address: The network address(es) of the client machine to which the authentication rule applies. It can include the name of the computer, IP range, or one of the keywords.
The all value means that the rule applies to all IP addresses.
This column is not used for rules with the local type.
IP-mask: The mask of the IP address.
The value is displayed if only an IP address is specified in Address.
Specifying a mask in a separate column is an alternative for the IP_address/mask_length record.
This column is not used for rules with the local type.
Method: The authentication method.
Possible values:
- trust
- reject
- scram-sha-256
- md5
- password
For the full list of possible authentication methods, refer to the official Postgres Pro documentation.
Options: The authentication method parameters in the name=value format.
For more information about available authentication method parameters, refer to the official Postgres Pro documentation.

The rules in the table follow the same order as in the main pg_hba.conf configuration file. If the include, include_if_exists, and include_dir directives are used in this file, the rules listed in the included files are not displayed.

To view the full pg_hba.conf configuration file, in the top-right corner of the page, click View full file.

Editing Authentication Rules

PPEM provides the following ways of editing authentication rules:

Adding a line to the pg_hba.conf configuration file
Switching to the edit mode of the pg_hba.conf configuration file

Adding a Line to the Configuration File

In the navigation panel, go to Infrastructure → Instances.
Click the name of the instance.
In the navigation panel, go to Authentication.
In the top-right corner of the page, click Add line.
Enter parameters of the new line in the pg_hba.conf configuration file (parameters marked with an asterisk are required):
- Type: The type of the connection.
- Users (search): The names of users and groups to which the authentication rule will apply.
- Users (will be saved to file): The names of users and groups to which the authentication rule will be applied.
  You can specify a comma-separated list of users.
- Databases (search): The names of databases to which the authentication rule will apply.
- Databases (will be saved to file): The names of databases to which the authentication rule will apply.
  You can specify a comma-separated list of databases.
- Address: The network address(es) of the client machine to which the authentication rule will apply.
  This parameter is available only if you select any value except local from Type.
- IP-mask: The mask of the IP address.
  This parameter is available only if you select any value except local from Type.
- Method: The authentication method.
- Options: The authentication method parameters in the name=value format.
Click Add.
(Optional) To reset all added but not yet saved lines, in the bottom-right corner of the page, click Reset.
In the bottom-right corner of the page, click Save.

Configuration File Editing Mode

In the navigation panel, go to Infrastructure → Instances.
Click the name of the instance.
In the navigation panel, go to Authentication.
In the top-right corner of the page, turn on Edit mode.
Perform one of the following actions with the line:
- To move the line one position up, click next to it.
- To move the line one position down, click next to it.
- To delete the line, click next to it.
(Optional) To reset all edited but not yet saved lines, in the bottom-right corner of the page, click Reset.
In the bottom-right corner of the page, click Save.

Note

When rules are saved, the instance receives a configuration reload signal. In this case, all configuration files of the instance are reread.

Prev	Up	Next
5.23. Profiler	Home	5.25. Instance Roles