</para>
<para>
To make use of this option the server must be built with
<acronym>GSSAPI</acronym> support. Otherwise,
the <literal>hostgssenc</literal> record is ignored except for logging
a warning that it cannot match any connections.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><literal>hostnogssenc</literal></term>
<listitem>
<para>
This record type has the opposite behavior of <literal>hostgssenc</literal>;
it only matches connection attempts made over
TCP/IP that do not use <acronym>GSSAPI</acronym> encryption.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>database</replaceable></term>
<listitem>
<para>
Specifies which database name(s) this record matches. The value
<literal>all</literal> specifies that it matches all databases.
The value <literal>sameuser</literal> specifies that the record
matches if the requested database has the same name as the
requested user. The value <literal>samerole</literal> specifies that
the requested user must be a member of the role with the same
name as the requested database. (<literal>samegroup</literal> is an
obsolete but still accepted spelling of <literal>samerole</literal>.)
Superusers are not considered to be members of a role for the
purposes of <literal>samerole</literal> unless they are explicitly
members of the role, directly or indirectly, and not just by
virtue of being a superuser.
The value <literal>replication</literal> specifies that the record
matches if a physical replication connection is requested; however, it
does not match logical replication connections. Note that physical
replication connections do not specify any particular database whereas
logical replication connections do specify it.
Otherwise, this is the name of a specific
<productname>PostgreSQL</productname> database or a regular expression.
Multiple database names and/or regular expressions can be supplied by
separating them with commas.
</para>
<para>
If the database name starts with a slash (<literal>/</literal>), the
remainder of the name is treated as a regular expression.
(See <xref linkend="posix-syntax-details"/> for details of
<productname>PostgreSQL</productname>'s regular expression syntax.)
</para>
<para>
A separate file containing database names and/or regular expressions
can be specified by preceding the file name with <literal>@</literal>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>user</replaceable></term>
<listitem>
<para>
Specifies which database user name(s) this record
matches. The value <literal>all</literal> specifies that it
matches all users. Otherwise, this is either the name of a specific
database user, a regular expression (when starting with a slash
(<literal>/</literal>)), or a group name preceded by <literal>+</literal>.
(Recall that there is no real distinction between users and groups
in <productname>PostgreSQL</productname>; a <literal>+</literal> mark really means
<quote>match any of the roles that are directly or indirectly members
of this role</quote>, while a name without a <literal>+</literal> mark matches
only that specific role.) For this purpose, a superuser is only
considered to be a member of a role if they are explicitly a member
of the role, directly or indirectly, and not just by virtue of
being a superuser.
Multiple user names and/or regular expressions can be supplied by
separating them with commas.
</para>
<para>
If the user name starts with a slash (<literal>/</literal>), the
remainder