Contents

pg_hba.conf

A configuration file which controls access to PostgreSQL databases

pg_hba.conf ("hba" stands for "Host-Based Access") is one of PostgreSQL's main configuration files, which is used to determine which users can access which database from which host using which authentication method.

Location

By default pg_hba.conf is located in the instance's data directory. This can be overriden by explicitly setting the parameter hba_file at instance startup.

The location of pg_hba.conf can be determined by executing one of:

SHOW hba_file;

or

SELECT current_setting('hba_file');

Contents

From PostgreSQL 10, the system catalogue view pg_hba_file_rules provides a summary of the current contents of pg_hba.conf and can be used to check for potential errors before attempting to apply changes.

Change history

Work-in-progress

  • PostgreSQL 14
    • authentication option clientcert no longer supports the options 0, 1 and no-verify (commit 253f1025)
  • PostgreSQL 10
    • logical replication connections now handled as normal connections, i.e. the replication keyword is no longer used (commit 8df9bd0b)

pg_hba.conf was added during the Postgres95 development phase (initial commit 57026d60)

Categories

Authentication, Configuration, Users and roles

See also

ident_file, pg_hba_file_rules