pg_hba.conf
A configuration file which controls access to PostgreSQL databases
pg_hba.conf
("hba" stands for "Host-Based Access") is one of PostgreSQL's main configuration files, which is used to determine which users can access which database from which host using which authentication method.
Location
By default pg_hba.conf
is located in the instance's data directory. This can be overriden by explicitly setting the parameter hba_file
at instance startup.
The location of pg_hba.conf
can be determined by executing one of:
SHOW hba_file;
or
SELECT current_setting('hba_file');
Contents
From PostgreSQL 10, the system catalogue view pg_hba_file_rules
provides a summary of the current contents of pg_hba.conf
and can be used to check for potential errors before attempting to apply changes.
Change history
Work-in-progress
- PostgreSQL 14
- authentication option
clientcert
no longer supports the options0
,1
andno-verify
(commit 253f1025)
- authentication option
- PostgreSQL 10
- logical replication connections now handled as normal connections, i.e. the
replication
keyword is no longer used (commit 8df9bd0b)
- logical replication connections now handled as normal connections, i.e. the
pg_hba.conf
was added during the Postgres95 development phase (initial commit 57026d60)
References
- PostgreSQL documentation: pg_hba.conf
Useful links
- Make pg_hba.conf Redundant by Using pg_hba.conf - Article by Shaun M. Thomas explaining how to simplify access configuration
Categories
See also
ident_file, pg_hba_file_rules