A configuration file which controls access to PostgreSQL databases

pg_hba.conf ("hba" stands for "Host-Based Access") is one of PostgreSQL's main configuration files, which is used to determine which users can access which database from which host using which authentication method.


By default pg_hba.conf is located in the instance's data directory. This can be overriden by explicitly setting the parameter hba_file at instance startup.

The location of pg_hba.conf can be determined by executing one of:

SHOW hba_file;


SELECT current_setting('hba_file');


From PostgreSQL 10, the system catalogue view pg_hba_file_rules provides a summary of the current contents of pg_hba.conf and can be used to check for potential errors before attempting to apply changes.

Change history


  • PostgreSQL 14
    • authentication option clientcert no longer supports the options 0, 1 and no-verify (commit 253f1025)
  • PostgreSQL 10
    • logical replication connections now handled as normal connections, i.e. the replication keyword is no longer used (commit 8df9bd0b)

pg_hba.conf was added during the Postgres95 development phase (initial commit 57026d60)


Authentication, Configuration, Users and roles

See also

ident_file, pg_hba_file_rules