


postgresql

4th chunk of `doc/src/sgml/client-auth.sgml`
  <replaceable>database</replaceable>  <replaceable>user</replaceable>  <replaceable>IP-address</replaceable>  <replaceable>IP-mask</replaceable>      <replaceable>auth-method</replaceable>  <optional><replaceable>auth-options</replaceable></optional>
include             <replaceable>file</replaceable>
include_if_exists   <replaceable>file</replaceable>
include_dir         <replaceable>directory</replaceable>
</synopsis>
   The meaning of the fields is as follows:

   <variablelist>
    <varlistentry>
     <term><literal>local</literal></term>
     <listitem>
      <para>
       This record matches connection attempts using Unix-domain
       sockets.  Without a record of this type, Unix-domain socket
       connections are disallowed.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry>
     <term><literal>host</literal></term>
     <listitem>
      <para>
       This record matches connection attempts made using TCP/IP.
       <literal>host</literal> records match
       <acronym>SSL</acronym> or non-<acronym>SSL</acronym> connection
       attempts as well as <acronym>GSSAPI</acronym> encrypted or
       non-<acronym>GSSAPI</acronym> encrypted connection attempts.
      </para>
     <note>
      <para>
       Remote TCP/IP connections will not be possible unless
       the server is started with an appropriate value for the
       <xref linkend="guc-listen-addresses"/> configuration parameter,
       since the default behavior is to listen for TCP/IP connections
       only on the local loopback address <literal>localhost</literal>.
      </para>
     </note>
     </listitem>
    </varlistentry>

    <varlistentry>
     <term><literal>hostssl</literal></term>
     <listitem>
      <para>
       This record matches connection attempts made using TCP/IP,
       but only when the connection is made with <acronym>SSL</acronym>
       encryption.
      </para>

      <para>
       To make use of this option the server must be built with
       <acronym>SSL</acronym> support. Furthermore,
       <acronym>SSL</acronym> must be enabled
       by setting the <xref linkend="guc-ssl"/> configuration parameter (see
       <xref linkend="ssl-tcp"/> for more information).
       Otherwise, the <literal>hostssl</literal> record is ignored except for
       logging a warning that it cannot match any connections.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry>
     <term><literal>hostnossl</literal></term>
     <listitem>
      <para>
       This record type has the opposite behavior of <literal>hostssl</literal>;
       it only matches connection attempts made over
       TCP/IP that do not use <acronym>SSL</acronym>.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry>
     <term><literal>hostgssenc</literal></term>
     <listitem>
      <para>
       This record matches connection attempts made using TCP/IP,
       but only when the connection is made with <acronym>GSSAPI</acronym>
       encryption.
      </para>

      <para>
       To make use of this option the server must be built with
       <acronym>GSSAPI</acronym> support.  Otherwise,
       the <literal>hostgssenc</literal> record is ignored except for logging
       a warning that it cannot match any connections.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry>
     <term><literal>hostnogssenc</literal></term>
     <listitem>
      <para>
       This record type has the opposite behavior of <literal>hostgssenc</literal>;
       it only matches connection attempts made over
       TCP/IP that do not use <acronym>GSSAPI</acronym> encryption.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry>
     <term><replaceable>database</replaceable></term>
     <listitem>
      <para>
       Specifies which database name(s) this record matches.  The value
       <literal>all</literal> specifies that it matches all databases.
       The value <literal>sameuser</literal> specifies that the record

Title: Record Types and Field Meanings in pg_hba.conf
Summary
The pg_hba.conf file supports several record types: local, host, hostssl, hostnossl, hostgssenc, and hostnogssenc. A local record matches Unix-domain socket connections; without one, such connections are disallowed. A host record matches any TCP/IP connection, whether or not it uses SSL or GSSAPI encryption. hostssl and hostgssenc match only TCP/IP connections made with SSL or GSSAPI encryption respectively, while hostnossl and hostnogssenc match only TCP/IP connections made without them. A hostssl record on a server without SSL enabled, or a hostgssenc record on a server built without GSSAPI support, is ignored apart from a logged warning that it cannot match any connections. The database field specifies which database name(s) a record matches, with options including 'all' and 'sameuser'.
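
The record-type rules above, as an added example that is not part of the PostgreSQL documentation or source: a small auditor that reports which records can match an unencrypted TCP/IP connection and which are ignored because SSL is not enabled or GSSAPI support is not built in. The function names and `SAMPLE` are constructed for illustration; the parser assumes unquoted fields and skips `include` lines rather than following them.

```python
# Added example; all names are hypothetical and SAMPLE is constructed.
INCLUDES = {"include", "include_if_exists", "include_dir"}

# record type -> (transport, SSL required?, GSSAPI enc required?); None = either
RECORD_TYPES = {
    "local":        ("unix", None, None),
    "host":         ("tcp", None, None),
    "hostssl":      ("tcp", True, None),
    "hostnossl":    ("tcp", False, None),
    "hostgssenc":   ("tcp", None, True),
    "hostnogssenc": ("tcp", None, False),
}

def type_matches(rtype, transport, ssl=False, gssenc=False):
    """True if a connection of this kind can match a record of type rtype."""
    want_transport, want_ssl, want_gss = RECORD_TYPES[rtype]
    return (transport == want_transport
            and want_ssl in (None, ssl) and want_gss in (None, gssenc))

def parse_hba(text):
    """Yield (line number, record type) per record; include lines are skipped."""
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # assumes no quoted '#'
        if not fields or fields[0] in INCLUDES:
            continue
        if fields[0] not in RECORD_TYPES:
            raise ValueError(f"line {n}: unknown record type {fields[0]!r}")
        yield n, fields[0]

def audit(text, ssl_enabled=True, gss_built=True):
    """Flag records that are ignored or that admit unencrypted TCP."""
    findings = []
    for n, rtype in parse_hba(text):
        if rtype == "hostssl" and not ssl_enabled:
            findings.append((n, rtype, "ignored: SSL not enabled"))
        elif rtype == "hostgssenc" and not gss_built:
            findings.append((n, rtype, "ignored: built without GSSAPI"))
        elif type_matches(rtype, "tcp", ssl=False, gssenc=False):
            findings.append((n, rtype, "can match unencrypted TCP"))
    return findings

SAMPLE = """\
# constructed sample
local        all all                     peer
host         all all 10.0.0.0 255.0.0.0  scram-sha-256
hostssl      all all 0.0.0.0/0           scram-sha-256
hostnogssenc all all 192.0.2.0/24        scram-sha-256
include_if_exists extra_hba.conf
"""
```

Calling `audit(SAMPLE)` flags the `host` and `hostnogssenc` lines; passing `ssl_enabled=False` additionally reports the `hostssl` line as ignored.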