rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

doc: move HBA reload instructions above the syntax details 

Reported-by: John <johrss@amazon.com>

Discussion: https://postgr.es/m/165947088723.651.7641196693246068619@wrigleys.postgresql.org

Backpatch-through: master
This commit is contained in:
Bruce Momjian 2023-11-03 14:03:22 -04:00
parent 42d3125ada
commit d594e0daf7
1 changed files with 51 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
doc/src/sgml/client-auth.sgml
View File

@ -73,6 +73,35 @@
however; see the <xref linkend="guc-hba-file"/> configuration parameter.
</para>
<para>
The <filename>pg_hba.conf</filename> file is read on start-up and when
the main server process receives a
<systemitem>SIGHUP</systemitem><indexterm><primary>SIGHUP</primary></indexterm>
signal. If you edit the file on an
active system, you will need to signal the postmaster
(using <literal>pg_ctl reload</literal>, calling the SQL function
<function>pg_reload_conf()</function>, or using <literal>kill
-HUP</literal>) to make it re-read the file.
</para>
<note>
<para>
The preceding statement is not true on Microsoft Windows: there, any
changes in the <filename>pg_hba.conf</filename> file are immediately
applied by subsequent new connections.
</para>
</note>
<para>
The system view
<link linkend="view-pg-hba-file-rules"><structname>pg_hba_file_rules</structname></link>
can be helpful for pre-testing changes to the <filename>pg_hba.conf</filename>
file, or for diagnosing problems if loading of the file did not have the
desired effects. Rows in the view with
non-null <structfield>error</structfield> fields indicate problems in the
corresponding lines of the file.
</para>
<para>
The general format of the <filename>pg_hba.conf</filename> file is
a set of records, one per line. Blank lines are ignored, as is any
@ -733,35 +762,6 @@ openssl x509 -in myclient.crt -noout --subject -nameopt RFC2253 | sed "s/^subjec
range of allowed client IP addresses.
</para>
<para>
The <filename>pg_hba.conf</filename> file is read on start-up and when
the main server process receives a
<systemitem>SIGHUP</systemitem><indexterm><primary>SIGHUP</primary></indexterm>
signal. If you edit the file on an
active system, you will need to signal the postmaster
(using <literal>pg_ctl reload</literal>, calling the SQL function
<function>pg_reload_conf()</function>, or using <literal>kill
-HUP</literal>) to make it re-read the file.
</para>
<note>
<para>
The preceding statement is not true on Microsoft Windows: there, any
changes in the <filename>pg_hba.conf</filename> file are immediately
applied by subsequent new connections.
</para>
</note>
<para>
The system view
<link linkend="view-pg-hba-file-rules"><structname>pg_hba_file_rules</structname></link>
can be helpful for pre-testing changes to the <filename>pg_hba.conf</filename>
file, or for diagnosing problems if loading of the file did not have the
desired effects. Rows in the view with
non-null <structfield>error</structfield> fields indicate problems in the
corresponding lines of the file.
</para>
<tip>
<para>
To connect to a particular database, a user must not only pass the
@ -933,6 +933,28 @@ local db1,db2,@demodbs all md5
As for <filename>pg_hba.conf</filename>, the lines in this file can
be include directives, following the same rules.
</para>
<para>
The <filename>pg_ident.conf</filename> file is read on start-up and
when the main server process receives a
<systemitem>SIGHUP</systemitem><indexterm><primary>SIGHUP</primary></indexterm>
signal. If you edit the file on an
active system, you will need to signal the postmaster
(using <literal>pg_ctl reload</literal>, calling the SQL function
<function>pg_reload_conf()</function>, or using <literal>kill
-HUP</literal>) to make it re-read the file.
</para>
<para>
The system view
<link linkend="view-pg-ident-file-mappings"><structname>pg_ident_file_mappings</structname></link>
can be helpful for pre-testing changes to the
<filename>pg_ident.conf</filename> file, or for diagnosing problems if
loading of the file did not have the desired effects. Rows in the view with
non-null <structfield>error</structfield> fields indicate problems in the
corresponding lines of the file.
</para>
<para>
There is no restriction regarding how many database users a given
operating system user can correspond to, nor vice versa. Thus, entries
@ -999,27 +1021,6 @@ mymap /^(.*)@otherdomain\.com$ guest
</para>
</tip>
<para>
The <filename>pg_ident.conf</filename> file is read on start-up and
when the main server process receives a
<systemitem>SIGHUP</systemitem><indexterm><primary>SIGHUP</primary></indexterm>
signal. If you edit the file on an
active system, you will need to signal the postmaster
(using <literal>pg_ctl reload</literal>, calling the SQL function
<function>pg_reload_conf()</function>, or using <literal>kill
-HUP</literal>) to make it re-read the file.
</para>
<para>
The system view
<link linkend="view-pg-ident-file-mappings"><structname>pg_ident_file_mappings</structname></link>
can be helpful for pre-testing changes to the
<filename>pg_ident.conf</filename> file, or for diagnosing problems if
loading of the file did not have the desired effects. Rows in the view with
non-null <structfield>error</structfield> fields indicate problems in the
corresponding lines of the file.
</para>
<para>
A <filename>pg_ident.conf</filename> file that could be used in
conjunction with the <filename>pg_hba.conf</filename> file in <xref