403Webshell
Server IP : 103.119.228.120  /  Your IP : 3.137.169.14
Web Server : Apache
System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64
User : nobody ( 99)
PHP Version : 5.6.40
Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime
MySQL : ON |  cURL : ON |  WGET : ON |  Perl : ON |  Python : ON |  Sudo : ON |  Pkexec : ON
Directory :  /usr/local/ssl/share/doc/postgresql-9.2.24/html/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :


[ Back ]     

Current File : /usr/local/ssl/share/doc/postgresql-9.2.24/html/runtime-config-connection.html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>Connections and Authentication</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REV="MADE"
HREF="mailto:pgsql-docs@postgresql.org"><LINK
REL="HOME"
TITLE="PostgreSQL 9.2.24 Documentation"
HREF="index.html"><LINK
REL="UP"
TITLE="Server Configuration"
HREF="runtime-config.html"><LINK
REL="PREVIOUS"
TITLE="File Locations"
HREF="runtime-config-file-locations.html"><LINK
REL="NEXT"
TITLE="Resource Consumption"
HREF="runtime-config-resource.html"><LINK
REL="STYLESHEET"
TYPE="text/css"
HREF="stylesheet.css"><META
HTTP-EQUIV="Content-Type"
CONTENT="text/html; charset=ISO-8859-1"><META
NAME="creation"
CONTENT="2017-11-06T22:43:11"></HEAD
><BODY
CLASS="SECT1"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="5"
ALIGN="center"
VALIGN="bottom"
><A
HREF="index.html"
>PostgreSQL 9.2.24 Documentation</A
></TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="top"
><A
TITLE="File Locations"
HREF="runtime-config-file-locations.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="top"
><A
HREF="runtime-config.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="60%"
ALIGN="center"
VALIGN="bottom"
>Chapter 18. Server Configuration</TD
><TD
WIDTH="20%"
ALIGN="right"
VALIGN="top"
><A
TITLE="Resource Consumption"
HREF="runtime-config-resource.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="RUNTIME-CONFIG-CONNECTION"
>18.3. Connections and Authentication</A
></H1
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="RUNTIME-CONFIG-CONNECTION-SETTINGS"
>18.3.1. Connection Settings</A
></H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
><A
NAME="GUC-LISTEN-ADDRESSES"
></A
><TT
CLASS="VARNAME"
>listen_addresses</TT
> (<TT
CLASS="TYPE"
>string</TT
>)</DT
><DD
><P
>         Specifies the TCP/IP address(es) on which the server is
         to listen for connections from client applications.
         The value takes the form of a comma-separated list of host names
         and/or numeric IP addresses.  The special entry <TT
CLASS="LITERAL"
>*</TT
>
         corresponds to all available IP interfaces.  The entry
         <TT
CLASS="LITERAL"
>0.0.0.0</TT
> allows listening for all IPv4 addresses and
         <TT
CLASS="LITERAL"
>::</TT
> allows listening for all IPv6 addresses.
         If the list is empty, the server does not listen on any IP interface
         at all, in which case only Unix-domain sockets can be used to connect
         to it.
         The default value is <SPAN
CLASS="SYSTEMITEM"
>localhost</SPAN
>,
         which allows only local TCP/IP <SPAN
CLASS="QUOTE"
>"loopback"</SPAN
> connections to be
         made.  While client authentication (<A
HREF="client-authentication.html"
>Chapter 19</A
>) allows fine-grained control
         over who can access the server, <TT
CLASS="VARNAME"
>listen_addresses</TT
>
         controls which interfaces accept connection attempts, which
         can help prevent repeated malicious connection requests on
         insecure network interfaces.  This parameter can only be set
         at server start.
       </P
></DD
><DT
><A
NAME="GUC-PORT"
></A
><TT
CLASS="VARNAME"
>port</TT
> (<TT
CLASS="TYPE"
>integer</TT
>)</DT
><DD
><P
>        The TCP port the server listens on; 5432 by default.  Note that the
        same port number is used for all IP addresses the server listens on.
        This parameter can only be set at server start.
       </P
></DD
><DT
><A
NAME="GUC-MAX-CONNECTIONS"
></A
><TT
CLASS="VARNAME"
>max_connections</TT
> (<TT
CLASS="TYPE"
>integer</TT
>)</DT
><DD
><P
>        Determines the maximum number of concurrent connections to the
        database server. The default is typically 100 connections, but
        might be less if your kernel settings will not support it (as
        determined during <SPAN
CLASS="APPLICATION"
>initdb</SPAN
>).  This parameter can
        only be set at server start.
       </P
><P
>        Increasing this parameter might cause <SPAN
CLASS="PRODUCTNAME"
>PostgreSQL</SPAN
>
        to request more <SPAN
CLASS="SYSTEMITEM"
>System V</SPAN
> shared
        memory or semaphores than your operating system's default configuration
        allows. See <A
HREF="kernel-resources.html#SYSVIPC"
>Section 17.4.1</A
> for information on how to
        adjust those parameters, if necessary.
       </P
><P
>        When running a standby server, you must set this parameter to the
        same or higher value than on the master server. Otherwise, queries
        will not be allowed in the standby server.
       </P
></DD
><DT
><A
NAME="GUC-SUPERUSER-RESERVED-CONNECTIONS"
></A
><TT
CLASS="VARNAME"
>superuser_reserved_connections</TT
>
      (<TT
CLASS="TYPE"
>integer</TT
>)</DT
><DD
><P
>        Determines the number of connection <SPAN
CLASS="QUOTE"
>"slots"</SPAN
> that
        are reserved for connections by <SPAN
CLASS="PRODUCTNAME"
>PostgreSQL</SPAN
>
        superusers.  At most <A
HREF="runtime-config-connection.html#GUC-MAX-CONNECTIONS"
>max_connections</A
>
        connections can ever be active simultaneously.  Whenever the
        number of active concurrent connections is at least
        <TT
CLASS="VARNAME"
>max_connections</TT
> minus
        <TT
CLASS="VARNAME"
>superuser_reserved_connections</TT
>, new
        connections will be accepted only for superusers, and no
        new replication connections will be accepted.
       </P
><P
>        The default value is three connections. The value must be less
        than the value of <TT
CLASS="VARNAME"
>max_connections</TT
>. This
        parameter can only be set at server start.
       </P
></DD
><DT
><A
NAME="GUC-UNIX-SOCKET-DIRECTORIES"
></A
><TT
CLASS="VARNAME"
>unix_socket_directories</TT
> (<TT
CLASS="TYPE"
>string</TT
>)</DT
><DD
><P
>        Specifies the directory of the Unix-domain socket(s) on which the
        server is to listen for connections from client applications.
        Multiple sockets can be created by listing multiple directories
        separated by commas.  Whitespace between entries is
        ignored; surround a directory name with double quotes if you need
        to include whitespace or commas in the name.
        An empty value
        specifies not listening on any Unix-domain sockets, in which case
        only TCP/IP sockets can be used to connect to the server.
        The default value is normally
        <TT
CLASS="FILENAME"
>/tmp</TT
>, but that can be changed at build time.
        This parameter can only be set at server start.
       </P
><P
>        In addition to the socket file itself, which is named
        <TT
CLASS="LITERAL"
>.s.PGSQL.<TT
CLASS="REPLACEABLE"
><I
>nnnn</I
></TT
></TT
> where
        <TT
CLASS="REPLACEABLE"
><I
>nnnn</I
></TT
> is the server's port number, an ordinary file
        named <TT
CLASS="LITERAL"
>.s.PGSQL.<TT
CLASS="REPLACEABLE"
><I
>nnnn</I
></TT
>.lock</TT
> will be
        created in each of the <TT
CLASS="VARNAME"
>unix_socket_directories</TT
> directories.
        Neither file should ever be removed manually.
       </P
><P
>        This parameter is irrelevant on Windows, which does not have
        Unix-domain sockets.
       </P
></DD
><DT
><A
NAME="GUC-UNIX-SOCKET-GROUP"
></A
><TT
CLASS="VARNAME"
>unix_socket_group</TT
> (<TT
CLASS="TYPE"
>string</TT
>)</DT
><DD
><P
>        Sets the owning group of the Unix-domain socket(s).  (The owning
        user of the sockets is always the user that starts the
        server.)  In combination with the parameter
        <TT
CLASS="VARNAME"
>unix_socket_permissions</TT
> this can be used as
        an additional access control mechanism for Unix-domain connections.
        By default this is the empty string, which uses the default
        group of the server user.  This parameter can only be set at
        server start.
       </P
><P
>        This parameter is irrelevant on Windows, which does not have
        Unix-domain sockets.
       </P
></DD
><DT
><A
NAME="GUC-UNIX-SOCKET-PERMISSIONS"
></A
><TT
CLASS="VARNAME"
>unix_socket_permissions</TT
> (<TT
CLASS="TYPE"
>integer</TT
>)</DT
><DD
><P
>        Sets the access permissions of the Unix-domain socket(s).  Unix-domain
        sockets use the usual Unix file system permission set.
        The parameter value is expected to be a numeric mode
        specified in the format accepted by the
        <CODE
CLASS="FUNCTION"
>chmod</CODE
> and <CODE
CLASS="FUNCTION"
>umask</CODE
>
        system calls.  (To use the customary octal format the number
        must start with a <TT
CLASS="LITERAL"
>0</TT
> (zero).)
       </P
><P
>        The default permissions are <TT
CLASS="LITERAL"
>0777</TT
>, meaning
        anyone can connect. Reasonable alternatives are
        <TT
CLASS="LITERAL"
>0770</TT
> (only user and group, see also
        <TT
CLASS="VARNAME"
>unix_socket_group</TT
>) and <TT
CLASS="LITERAL"
>0700</TT
>
        (only user). (Note that for a Unix-domain socket, only write
        permission matters, so there is no point in setting or revoking
        read or execute permissions.)
       </P
><P
>        This access control mechanism is independent of the one
        described in <A
HREF="client-authentication.html"
>Chapter 19</A
>.
       </P
><P
>        This parameter can only be set at server start.
       </P
><P
>        This parameter is irrelevant on systems, notably Solaris as of Solaris
        10, that ignore socket permissions entirely.  There, one can achieve a
        similar effect by pointing <TT
CLASS="VARNAME"
>unix_socket_directory</TT
> to a
        directory having search permission limited to the desired audience.
        This parameter is also irrelevant on Windows, which does not have
        Unix-domain sockets.
       </P
></DD
><DT
><A
NAME="GUC-BONJOUR"
></A
><TT
CLASS="VARNAME"
>bonjour</TT
> (<TT
CLASS="TYPE"
>boolean</TT
>)</DT
><DD
><P
>        Enables advertising the server's existence via
        <SPAN
CLASS="PRODUCTNAME"
>Bonjour</SPAN
>.  The default is off.
        This parameter can only be set at server start.
       </P
></DD
><DT
><A
NAME="GUC-BONJOUR-NAME"
></A
><TT
CLASS="VARNAME"
>bonjour_name</TT
> (<TT
CLASS="TYPE"
>string</TT
>)</DT
><DD
><P
>        Specifies the <SPAN
CLASS="PRODUCTNAME"
>Bonjour</SPAN
> service
        name.  The computer name is used if this parameter is set to the
        empty string <TT
CLASS="LITERAL"
>''</TT
> (which is the default).  This parameter is
        ignored if the server was not compiled with
        <SPAN
CLASS="PRODUCTNAME"
>Bonjour</SPAN
> support.
        This parameter can only be set at server start.
       </P
></DD
><DT
><A
NAME="GUC-TCP-KEEPALIVES-IDLE"
></A
><TT
CLASS="VARNAME"
>tcp_keepalives_idle</TT
> (<TT
CLASS="TYPE"
>integer</TT
>)</DT
><DD
><P
>        Specifies the number of seconds before sending a keepalive packet on
        an otherwise idle connection.  A value of 0 uses the system default.
        This parameter is supported only on systems that support
        <TT
CLASS="SYMBOL"
>TCP_KEEPIDLE</TT
> or an equivalent socket option, and on
        Windows; on other systems, it must be zero.
        In sessions connected via a Unix-domain socket, this parameter is
        ignored and always reads as zero.
       </P
><DIV
CLASS="NOTE"
><BLOCKQUOTE
CLASS="NOTE"
><P
><B
>Note: </B
>         On Windows, a value of 0 will set this parameter to 2 hours,
         since Windows does not provide a way to read the system default value.
        </P
></BLOCKQUOTE
></DIV
></DD
><DT
><A
NAME="GUC-TCP-KEEPALIVES-INTERVAL"
></A
><TT
CLASS="VARNAME"
>tcp_keepalives_interval</TT
> (<TT
CLASS="TYPE"
>integer</TT
>)</DT
><DD
><P
>        Specifies the number of seconds between sending keepalives on an
        otherwise idle connection.  A value of 0 uses the system default.
        This parameter is supported only on systems that support
        <TT
CLASS="SYMBOL"
>TCP_KEEPINTVL</TT
> or an equivalent socket option, and on
        Windows; on other systems, it must be zero.
        In sessions connected via a Unix-domain socket, this parameter is
        ignored and always reads as zero.
       </P
><DIV
CLASS="NOTE"
><BLOCKQUOTE
CLASS="NOTE"
><P
><B
>Note: </B
>         On Windows, a value of 0 will set this parameter to 1 second,
         since Windows does not provide a way to read the system default value.
        </P
></BLOCKQUOTE
></DIV
></DD
><DT
><A
NAME="GUC-TCP-KEEPALIVES-COUNT"
></A
><TT
CLASS="VARNAME"
>tcp_keepalives_count</TT
> (<TT
CLASS="TYPE"
>integer</TT
>)</DT
><DD
><P
>        Specifies the number of keepalive packets to send on an otherwise idle
        connection.  A value of 0 uses the system default.
        This parameter is supported only on systems that support
        <TT
CLASS="SYMBOL"
>TCP_KEEPCNT</TT
> or an equivalent socket option;
        on other systems, it must be zero.
        In sessions connected via a Unix-domain socket, this parameter is
        ignored and always reads as zero.
       </P
><DIV
CLASS="NOTE"
><BLOCKQUOTE
CLASS="NOTE"
><P
><B
>Note: </B
>         This parameter is not supported on Windows, and must be zero.
        </P
></BLOCKQUOTE
></DIV
></DD
></DL
></DIV
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="RUNTIME-CONFIG-CONNECTION-SECURITY"
>18.3.2. Security and Authentication</A
></H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
><A
NAME="GUC-AUTHENTICATION-TIMEOUT"
></A
><TT
CLASS="VARNAME"
>authentication_timeout</TT
> (<TT
CLASS="TYPE"
>integer</TT
>)</DT
><DD
><P
>        Maximum time to complete client authentication, in seconds. If a
        would-be client has not completed the authentication protocol in
        this much time, the server closes the connection. This prevents
        hung clients from occupying a connection indefinitely.
        The default is one minute (<TT
CLASS="LITERAL"
>1m</TT
>).
        This parameter can only be set in the <TT
CLASS="FILENAME"
>postgresql.conf</TT
>
        file or on the server command line.
       </P
></DD
><DT
><A
NAME="GUC-SSL"
></A
><TT
CLASS="VARNAME"
>ssl</TT
> (<TT
CLASS="TYPE"
>boolean</TT
>)</DT
><DD
><P
>        Enables <ACRONYM
CLASS="ACRONYM"
>SSL</ACRONYM
> connections. Please read
        <A
HREF="ssl-tcp.html"
>Section 17.9</A
> before using this. The default
        is <TT
CLASS="LITERAL"
>off</TT
>. This parameter can only be set at server
        start.  <ACRONYM
CLASS="ACRONYM"
>SSL</ACRONYM
> communication is only possible with
        TCP/IP connections.
       </P
></DD
><DT
><A
NAME="GUC-SSL-CA-FILE"
></A
><TT
CLASS="VARNAME"
>ssl_ca_file</TT
> (<TT
CLASS="TYPE"
>string</TT
>)</DT
><DD
><P
>        Specifies the name of the file containing the SSL server certificate
        authority (CA).  The default is empty, meaning no CA file is loaded,
        and client certificate verification is not performed.  (In previous
        releases of PostgreSQL, the name of this file was hard-coded
        as <TT
CLASS="FILENAME"
>root.crt</TT
>.)  Relative paths are relative to the
        data directory.  This parameter can only be set at server start.
       </P
></DD
><DT
><A
NAME="GUC-SSL-CERT-FILE"
></A
><TT
CLASS="VARNAME"
>ssl_cert_file</TT
> (<TT
CLASS="TYPE"
>string</TT
>)</DT
><DD
><P
>        Specifies the name of the file containing the SSL server certificate.
        The default is <TT
CLASS="FILENAME"
>server.crt</TT
>.  Relative paths are
        relative to the data directory.  This parameter can only be set at
        server start.
       </P
></DD
><DT
><A
NAME="GUC-SSL-CRL-FILE"
></A
><TT
CLASS="VARNAME"
>ssl_crl_file</TT
> (<TT
CLASS="TYPE"
>string</TT
>)</DT
><DD
><P
>        Specifies the name of the file containing the SSL server certificate
        revocation list (CRL).  The default is empty, meaning no CRL file is
        loaded.  (In previous releases of PostgreSQL, the name of this file was
        hard-coded as <TT
CLASS="FILENAME"
>root.crl</TT
>.)  Relative paths are
        relative to the data directory.  This parameter can only be set at
        server start.
       </P
></DD
><DT
><A
NAME="GUC-SSL-KEY-FILE"
></A
><TT
CLASS="VARNAME"
>ssl_key_file</TT
> (<TT
CLASS="TYPE"
>string</TT
>)</DT
><DD
><P
>        Specifies the name of the file containing the SSL server private key.
        The default is <TT
CLASS="FILENAME"
>server.key</TT
>.  Relative paths are
        relative to the data directory.  This parameter can only be set at
        server start.
       </P
></DD
><DT
><A
NAME="GUC-SSL-RENEGOTIATION-LIMIT"
></A
><TT
CLASS="VARNAME"
>ssl_renegotiation_limit</TT
> (<TT
CLASS="TYPE"
>integer</TT
>)</DT
><DD
><P
>        Specifies how much data can flow over an <ACRONYM
CLASS="ACRONYM"
>SSL</ACRONYM
>-encrypted
        connection before renegotiation of the session keys will take
        place. Renegotiation decreases an attacker's chances of doing
        cryptanalysis when large amounts of traffic can be examined, but it
        also carries a large performance penalty. The sum of sent and received
        traffic is used to check the limit. If this parameter is set to 0,
        renegotiation is disabled. The default is <TT
CLASS="LITERAL"
>0</TT
>.
       </P
><DIV
CLASS="NOTE"
><BLOCKQUOTE
CLASS="NOTE"
><P
><B
>Note: </B
>         SSL libraries from before November 2009 are insecure when using SSL
         renegotiation, due to a vulnerability in the SSL protocol. As a
         stop-gap fix for this vulnerability, some vendors shipped SSL
         libraries incapable of doing renegotiation. If any such libraries
         are in use on the client or server, SSL renegotiation should be
         disabled.
        </P
></BLOCKQUOTE
></DIV
><DIV
CLASS="WARNING"
><P
></P
><TABLE
CLASS="WARNING"
BORDER="1"
WIDTH="90%"
><TR
><TD
ALIGN="CENTER"
><B
>Warning</B
></TD
></TR
><TR
><TD
ALIGN="LEFT"
><P
>         Due to bugs in <SPAN
CLASS="PRODUCTNAME"
>OpenSSL</SPAN
> enabling ssl renegotiation, by
         configuring a non-zero <TT
CLASS="VARNAME"
>ssl_renegotiation_limit</TT
>, is likely
         to lead to problems like long-lived connections breaking.
        </P
></TD
></TR
></TABLE
></DIV
></DD
><DT
><A
NAME="GUC-SSL-CIPHERS"
></A
><TT
CLASS="VARNAME"
>ssl_ciphers</TT
> (<TT
CLASS="TYPE"
>string</TT
>)</DT
><DD
><P
>        Specifies a list of <ACRONYM
CLASS="ACRONYM"
>SSL</ACRONYM
> ciphers that are allowed to be
        used on secure connections. See the <SPAN
CLASS="APPLICATION"
>openssl</SPAN
>
        manual page for a list of supported ciphers.
       </P
></DD
><DT
><A
NAME="GUC-PASSWORD-ENCRYPTION"
></A
><TT
CLASS="VARNAME"
>password_encryption</TT
> (<TT
CLASS="TYPE"
>boolean</TT
>)</DT
><DD
><P
>        When a password is specified in <A
HREF="sql-createuser.html"
>CREATE USER</A
> or
        <A
HREF="sql-alterrole.html"
>ALTER ROLE</A
>
        without writing either <TT
CLASS="LITERAL"
>ENCRYPTED</TT
> or
        <TT
CLASS="LITERAL"
>UNENCRYPTED</TT
>, this parameter determines whether the
        password is to be encrypted. The default is <TT
CLASS="LITERAL"
>on</TT
>
        (encrypt the password).
       </P
></DD
><DT
><A
NAME="GUC-KRB-SERVER-KEYFILE"
></A
><TT
CLASS="VARNAME"
>krb_server_keyfile</TT
> (<TT
CLASS="TYPE"
>string</TT
>)</DT
><DD
><P
>        Sets the location of the Kerberos server key file. See
        <A
HREF="auth-methods.html#KERBEROS-AUTH"
>Section 19.3.5</A
> or <A
HREF="auth-methods.html#GSSAPI-AUTH"
>Section 19.3.3</A
>
        for details. This parameter can only be set in the
        <TT
CLASS="FILENAME"
>postgresql.conf</TT
> file or on the server command line.
       </P
></DD
><DT
><A
NAME="GUC-KRB-SRVNAME"
></A
><TT
CLASS="VARNAME"
>krb_srvname</TT
> (<TT
CLASS="TYPE"
>string</TT
>)</DT
><DD
><P
>        Sets the Kerberos service name. See <A
HREF="auth-methods.html#KERBEROS-AUTH"
>Section 19.3.5</A
>
        for details. This parameter can only be set in the
        <TT
CLASS="FILENAME"
>postgresql.conf</TT
> file or on the server command line.
       </P
></DD
><DT
><A
NAME="GUC-KRB-CASEINS-USERS"
></A
><TT
CLASS="VARNAME"
>krb_caseins_users</TT
> (<TT
CLASS="TYPE"
>boolean</TT
>)</DT
><DD
><P
>        Sets whether Kerberos and GSSAPI user names should be treated
        case-insensitively.
        The default is <TT
CLASS="LITERAL"
>off</TT
> (case sensitive). This parameter can only be
        set in the <TT
CLASS="FILENAME"
>postgresql.conf</TT
> file or on the server command line.
       </P
></DD
><DT
><A
NAME="GUC-DB-USER-NAMESPACE"
></A
><TT
CLASS="VARNAME"
>db_user_namespace</TT
> (<TT
CLASS="TYPE"
>boolean</TT
>)</DT
><DD
><P
>        This parameter enables per-database user names.  It is off by default.
        This parameter can only be set in the <TT
CLASS="FILENAME"
>postgresql.conf</TT
>
        file or on the server command line.
       </P
><P
>        If this is on, you should create users as <TT
CLASS="LITERAL"
>username@dbname</TT
>.
        When <TT
CLASS="LITERAL"
>username</TT
> is passed by a connecting client,
        <TT
CLASS="LITERAL"
>@</TT
> and the database name are appended to the user
        name and that database-specific user name is looked up by the
        server. Note that when you create users with names containing
        <TT
CLASS="LITERAL"
>@</TT
> within the SQL environment, you will need to
        quote the user name.
       </P
><P
>        With this parameter enabled, you can still create ordinary global
        users.  Simply append <TT
CLASS="LITERAL"
>@</TT
> when specifying the user
        name in the client, e.g. <TT
CLASS="LITERAL"
>joe@</TT
>.  The <TT
CLASS="LITERAL"
>@</TT
>
        will be stripped off before the user name is looked up by the
        server.
       </P
><P
>        <TT
CLASS="VARNAME"
>db_user_namespace</TT
> causes the client's and
        server's user name representation to differ.
        Authentication checks are always done with the server's user name
        so authentication methods must be configured for the
        server's user name, not the client's.  Because
        <TT
CLASS="LITERAL"
>md5</TT
> uses the user name as salt on both the
        client and server, <TT
CLASS="LITERAL"
>md5</TT
> cannot be used with
        <TT
CLASS="VARNAME"
>db_user_namespace</TT
>.
       </P
><DIV
CLASS="NOTE"
><BLOCKQUOTE
CLASS="NOTE"
><P
><B
>Note: </B
>         This feature is intended as a temporary measure until a
         complete solution is found.  At that time, this option will
         be removed.
        </P
></BLOCKQUOTE
></DIV
></DD
></DL
></DIV
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="runtime-config-file-locations.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="runtime-config-resource.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>File Locations</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="runtime-config.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Resource Consumption</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>

Youez - 2016 - github.com/yon3zu
LinuXploit