Documentation about using CIDR addresses in pg_hba.conf.

Andrew Dunstan
This commit is contained in:
Bruce Momjian 2003-06-25 01:20:50 +00:00
parent d9ddbdaa95
commit eaef65f68e

View File

@ -1,5 +1,5 @@
<!--
$Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.51 2003/06/25 01:14:05 momjian Exp $
$Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.52 2003/06/25 01:20:50 momjian Exp $
-->
<chapter id="client-authentication">
@ -83,11 +83,13 @@ $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.51 2003/06/25 01:14:05
</para>
<para>
A record may have one of the three formats
A record may have one of the five formats
<synopsis>
local <replaceable>database</replaceable> <replaceable>user</replaceable> <replaceable>authentication-method</replaceable> <optional><replaceable>authentication-option</replaceable></optional>
host <replaceable>database</replaceable> <replaceable>user</replaceable> <replaceable>IP-address</replaceable> <replaceable>IP-mask</replaceable> <replaceable>authentication-method</replaceable> <optional><replaceable>authentication-option</replaceable></optional>
hostssl <replaceable>database</replaceable> <replaceable>user</replaceable> <replaceable>IP-address</replaceable> <replaceable>IP-mask</replaceable> <replaceable>authentication-method</replaceable> <optional><replaceable>authentication-option</replaceable></optional>
host <replaceable>database</replaceable> <replaceable>user</replaceable> <replaceable>IP-address</replaceable>/<replaceable>CIDR-mask</replaceable> <replaceable>authentication-method</replaceable> <optional><replaceable>authentication-option</replaceable></optional>
hostssl <replaceable>database</replaceable> <replaceable>user</replaceable> <replaceable>IP-address</replaceable>/<replaceable>CIDR-mask</replaceable> <replaceable>authentication-method</replaceable> <optional><replaceable>authentication-option</replaceable></optional>
</synopsis>
The meaning of the fields is as follows:
@ -176,7 +178,7 @@ hostssl <replaceable>database</replaceable> <replaceable>user</replaceable> <
<term><replaceable>IP-mask</replaceable></term>
<listitem>
<para>
These two fields contain IP address/mask values in standard
These two fields contain IP address and mask values in standard
dotted decimal notation. (IP addresses can only be specified
numerically, not as domain or host names.) Taken together they
specify the client machine IP addresses that this record
@ -200,6 +202,34 @@ hostssl <replaceable>database</replaceable> <replaceable>user</replaceable> <
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>CIDR-mask</replaceable></term>
<listitem>
<para>
This is an integer specifying the number of significant bits
to set in the mask, and is an alternative to using the
<replaceable>IP-mask</replaceable> notation. The number must
be between 0 and 32 (in the case of an IPv4 address) or 128
(in the case of an IPv6 address) inclusive. 0 will match any
address, while 32/128 will match only the exact host specified.
The same matching logic is used as for a dotted notation
<replaceable>IP-Mask</replaceable>.
</para>
<para>
There must be no white space between the <replaceable>IP-address</replaceable>
and the <literal>/</literal> or the <literal>/</literal> and the
<replaceable>CIDR-mask</replaceable>, or the file will not be parsed
correctly.
</para>
<para>
This field only applies to <literal>host</literal> and
<literal>hostssl</literal> records.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><replaceable>authentication-method</replaceable></term>
<listitem>