Home Explore Blog CI



postgresql
32th chunk of `doc/src/sgml/libpq.sgml`
4300c1c8397914b9941fa2999b73cea5a5d03b79663265c90000000100000fb1
 Setting the maximum protocol version
        is mainly useful for testing or if some component has issues working
        with a newer protocol.
       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="libpq-connect-krbsrvname" xreflabel="krbsrvname">
      <term><literal>krbsrvname</literal></term>
      <listitem>
       <para>
        Kerberos service name to use when authenticating with GSSAPI.
        This must match the service name specified in the server
        configuration for Kerberos authentication to succeed. (See also
        <xref linkend="gssapi-auth"/>.)
        The default value is normally <literal>postgres</literal>,
        but that can be changed when
        building <productname>PostgreSQL</productname> via
        the <option>--with-krb-srvnam</option> option
        of <application>configure</application>.
        In most environments, this parameter never needs to be changed.
        Some Kerberos implementations might require a different service name,
        such as Microsoft Active Directory which requires the service name
        to be in upper case (<literal>POSTGRES</literal>).
       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="libpq-connect-gsslib" xreflabel="gsslib">
      <term><literal>gsslib</literal></term>
      <listitem>
       <para>
        GSS library to use for GSSAPI authentication.
        Currently this is disregarded except on Windows builds that include
        both GSSAPI and SSPI support.  In that case, set
        this to <literal>gssapi</literal> to cause libpq to use the GSSAPI
        library for authentication instead of the default SSPI.
       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="libpq-connect-gssdelegation" xreflabel="gssdelegation">
      <term><literal>gssdelegation</literal></term>
      <listitem>
       <para>
        Forward (delegate) GSS credentials to the server.  The default is
        <literal>0</literal> which means credentials will not be forwarded
        to the server.  Set this to <literal>1</literal> to have credentials
        forwarded when possible.
       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="libpq-connect-scram-client-key" xreflabel="scram_client_key">
      <term><literal>scram_client_key</literal></term>
      <listitem>
       <para>
        The base64-encoded SCRAM client key.  This can be used by foreign-data
        wrappers or similar middleware to enable pass-through SCRAM
        authentication. See <xref
        linkend="postgres-fdw-options-connection-management"/> for one such
        implementation.  It is not meant to be specified directly by users or
        client applications.
       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="libpq-connect-scram-server-key" xreflabel="scram_server_key">
      <term><literal>scram_server_key</literal></term>
      <listitem>
       <para>
        The base64-encoded SCRAM server key.  This can be used by foreign-data
        wrappers or similar middleware to enable pass-through SCRAM
        authentication. See <xref
        linkend="postgres-fdw-options-connection-management"/> for one such
        implementation.  It is not meant to be specified directly by users or
        client applications.
       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="libpq-connect-service" xreflabel="service">
      <term><literal>service</literal></term>
      <listitem>
       <para>
        Service name to use for additional parameters.  It specifies a service
        name in <filename>pg_service.conf</filename> that holds additional connection parameters.
        This allows applications to specify only a service name so connection parameters
        can be centrally maintained. See <xref linkend="libpq-pgservice"/>.
       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="libpq-connect-target-session-attrs" xreflabel="target_session_attrs">
Title: Connection Parameters: Kerberos, GSSAPI, SCRAM, and Service Name
Summary
This section details parameters for configuring Kerberos, GSSAPI, and SCRAM authentication, as well as specifying a service name for connection parameters in libpq. 'krbsrvname' sets the Kerberos service name (defaulting to 'postgres', but potentially needing to be 'POSTGRES' in Active Directory). 'gsslib' selects the GSSAPI library (relevant on Windows with both GSSAPI and SSPI support). 'gssdelegation' enables GSS credential forwarding. 'scram_client_key' and 'scram_server_key' provide base64-encoded SCRAM keys, primarily for foreign-data wrappers. 'service' specifies a service name from pg_service.conf for centralized connection parameter management.