The System>Authentication screen allows users with Operator Basic, Operator, and Admin permission to view the Greenplum Database host-based authentication file, pg_hba.conf.

Users with Admin permission can add, remove, change, and move entries in the file. The Command Center UI validates entries to ensure correct syntax. Previous versions of the file are archived so that you can restore an earlier version or audit changes.

See Authentication for an overview of user authentication options for Greenplum Database and Greenplum Command Server.

See pg_hba.conf file in the PostgreSQL documentation for a detailed description of the contents of the pg_hba.conf file.

Viewing the Host-Based Authentication File

Choose Admin>Authentication to display the content of the Greenplum Database pg_hba.conf file.

The pg_hba.conf file contains a list of entries that specify the characteristics of database connection requests and authentication methods. When Greenplum Database receives a connection request from a client, it compares the request to each entry in the pg_hba.conf entry in turn until a match is found. The request is authenticated using the specified authentication method and, if successful, the connection is accepted.

Editing the Host-Based Authentication File

Command Center users with the Admin permission can edit the pg_hba.conf file. Note that any changes you make are lost if you move to another screen before you save them.

  • To change an existing entry, click anywhere on the entry. Edit the fields and click Save to save your changes, or Cancel to revert changes.
  • To move an entry up or down in the list, click on the Bug symbol, drag the line to the desired location, and release.
  • To add a new entry to the end of the file, click Add New Entry at the bottom of the screen. Edit the fields and click Save to save your changes, or Cancel to abandon the new entry.
  • To add a new entry after an existing entry, highlight the existing entry and click Add. Edit the fields and click Save to save your changes, or Cancel to abandon the new entry.
  • To copy an entry, select the entry and click Duplicate. A copy of the selected entry is added below the selected entry and displayed for editing. Edit the fields and click Save to save your changes, or Cancel to abandon the copy.
  • To add a comment to the file, add an entry by clicking Add New Entry or Add and then choose # from the Type list.
  • To toggle an entry between active and inactive, select the line and click the active/inactive toggle control to the right. This action adds or removes a comment character (#) at the beginning of the entry.
  • To remove an entry, highlight the line and click Delete. The entry is displayed with strikethrough text. You can restore the entry by highlighting it and clicking undelete. The entry is permanently removed when you click Save config and update GPDB.
  • To finish editing, click Save config and update GPDB. Then click Save and Update to save your changes or click Cancel to return with your edits intact.

When you select Save and Update, the pg_hba.conf file is saved and refreshed in Greenplum Database. Note that existing client connections are unaffected.

Loading a Previous Version of the Host-Based Authentication File

When you save a new version of the pg_hba.conf file, a copy is saved in the Greenplum Database $MASTER_DATA_DIRECTORY/pg_hba_archive directory as pg_hba.conf-<timestamp>.

To view an archived version of the pg_hba.conf file, click Load versions… and click the timestamp for the version to display.

To revert to a previous version of the file, load the previous version and then click Save config and update GPDB. The configuration is refreshed in Greenplum Database and saved as a new version in the archive directory.