Connection Manager Authentication v6.0.2

Suggest edits

Connection Manager's authentication is configured through Postgres's own pg_hba.conf file. Connection Manager uses the same authentication methods as Postgres.

Connection Manager connection types

Connection Manager supports the following connection types in pg_hba.conf:

  • host - TCP/IP connections
  • hostssl - TCP/IP connections with SSL
  • hostnossl - TCP/IP connections without SSL

Connection Manager authentication methods

Connection Manager supports the following authentication methods in pg_hba.conf:

  • trust - No authentication
  • reject - Reject the connection
  • md5 - MD5 password authentication
  • scram-sha-256 - SCRAM-SHA-256 password authentication
  • cert - SSL certificate authentication
Note

Connection Manager needs to be able to authenticate to the PGD nodes as the client user. Configure the pg_hba.conf file on each PGD node to accept connections originating from other PGD nodes for replication and internal communications.

When using a certificate authentication method, the Connection Manager presents its server key. You must configure the PGD node to accept this certificate from the Connection Manager address.

Connection Manager authentication options

Connection Manager also supports regular expression matching for the user and database fields in pg_hba.conf. This allows you to specify a pattern for matching user and database names, making it easier to manage authentication for multiple users and databases.

Group membership checks are also supported. This allows you to specify a group of users that can connect to the database, rather than specifying each user individually.

Unsupported pg_hba.conf rules

Where a rule is not supported by Connection Manager, it will be logged as a warning and ignored.

← Prev

Connection Manager overview

↑ Up

Connection Manager

Next →

Configuring Connection Manager