Home Explore Blog CI



postgresql
16th chunk of `doc/src/sgml/config.sgml`
2e99c405f599169d2e33010c99e04454fd150fa17325caa60000000100000fa0
 macOS, illumos
        and the BSD family of operating systems, and is not currently available
        on other systems.
       </para>
       <para>
        If the value is specified without units, it is taken as milliseconds.
        The default value is <literal>0</literal>, which disables connection
        checks.  Without connection checks, the server will detect the loss of
        the connection only at the next interaction with the socket, when it
        waits for, receives or sends data.
       </para>
       <para>
        For the kernel itself to detect lost TCP connections reliably and within
        a known timeframe in all scenarios including network failure, it may
        also be necessary to adjust the TCP keepalive settings of the operating
        system, or the <xref linkend="guc-tcp-keepalives-idle"/>,
        <xref linkend="guc-tcp-keepalives-interval"/> and
        <xref linkend="guc-tcp-keepalives-count"/> settings of
        <productname>PostgreSQL</productname>.
       </para>
      </listitem>
     </varlistentry>

     </variablelist>
     </sect2>

     <sect2 id="runtime-config-connection-authentication">
     <title>Authentication</title>

     <variablelist>
     <varlistentry id="guc-authentication-timeout" xreflabel="authentication_timeout">
      <term><varname>authentication_timeout</varname> (<type>integer</type>)
      <indexterm><primary>timeout</primary><secondary>client authentication</secondary></indexterm>
      <indexterm><primary>client authentication</primary><secondary>timeout during</secondary></indexterm>
      <indexterm>
       <primary><varname>authentication_timeout</varname> configuration parameter</primary>
      </indexterm>
      </term>

      <listitem>
       <para>
        Maximum amount of time allowed to complete client authentication. If a
        would-be client has not completed the authentication protocol in
        this much time, the server closes the connection. This prevents
        hung clients from occupying a connection indefinitely.
        If this value is specified without units, it is taken as seconds.
        The default is one minute (<literal>1m</literal>).
        This parameter can only be set in the <filename>postgresql.conf</filename>
        file or on the server command line.
       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="guc-password-encryption" xreflabel="password_encryption">
      <term><varname>password_encryption</varname> (<type>enum</type>)
      <indexterm>
       <primary><varname>password_encryption</varname> configuration parameter</primary>
      </indexterm>
      </term>
      <listitem>
       <para>
        When a password is specified in <xref linkend="sql-createrole"/> or
        <xref linkend="sql-alterrole"/>, this parameter determines the
        algorithm to use to encrypt the password.  Possible values are
        <literal>scram-sha-256</literal>, which will encrypt the password with
        SCRAM-SHA-256, and <literal>md5</literal>, which stores the password
        as an MD5 hash.  The default is <literal>scram-sha-256</literal>.
       </para>
       <para>
        Note that older clients might lack support for the SCRAM authentication
        mechanism, and hence not work with passwords encrypted with
        SCRAM-SHA-256.  See <xref linkend="auth-password"/> for more details.
       </para>
       <warning>
        <para>
         Support for MD5-encrypted passwords is deprecated and will be removed
         in a future release of <productname>PostgreSQL</productname>.  Refer
         to <xref linkend="auth-password"/> for details about migrating to
         another password type.
        </para>
       </warning>
      </listitem>
     </varlistentry>

     <varlistentry id="guc-scram-iterations" xreflabel="scram_iterations">
      <term><varname>scram_iterations</varname> (<type>integer</type>)
      <indexterm>
       <primary><varname>scram_iterations</varname> configuration
Title: Client Connection Checks and Authentication Configuration
Summary
This section covers two configuration areas: client connection checks and authentication. It elaborates on the `client_connection_check_interval` parameter, which enables the server to periodically verify the client connection. It also explains its limitations, being only available on Linux, macOS, illumos, and the BSD family of operating systems. It describes the authentication configurations, covering `authentication_timeout` (maximum time allowed for client authentication) and `password_encryption` (algorithm used to encrypt passwords), emphasizing the deprecation of MD5 encryption and the recommendation to use SCRAM-SHA-256.