User authentication
User authentication in Managed Service for Greenplum® is set up under User authentication using rules. This section is an interface for the pg_hba.conf
- Some connection types and authentication methods are not available.
- Using system databases and users is not allowed.
- Special values and regular expressions for databases and users are not available.
For more information about these limitations, see Authentication rule settings.
Each authentication rule determines the connection type, DB name, user name or user group name, host FQDN or IP range to connect from, and authentication method. Rules are read from top to bottom, and the first suitable one is applied for authentication. If authentication based on the first suitable rule fails, other rules are not applied.
If no authentication rules are set, the default rule is used; it allows authentication for all users in any database and from any host using the md5
method (password-based authentication). If the authentication rules are set, the default rule is read last.
Authentication rule settings
You can specify the following authentication settings when adding or updating rules:
Available connection types:
host
: TCP/IP with or without SSL encryptionhostssl
: TCP/IP with SSL encryptionhostnossl
: TCP/IP without SSL encryption
The following is not available to databases and users:
- System databases, e.g.,
postgres
. - System users, e.g., mdb_admin.
- Special values, e.g.,
all
orsameuser
. - Regular expressions
The name of a database user group must begin with +
, e.g, +dbwriters
.
As an address, you can use a host's FQDN, IP range, or the special all
value that allows connections from any host:
rc1b-drajz6j1rv******.mdb.yandexcloud.net
172.20.143.89/32
::0/0
all
The following authentication methods are supported:
md5
: Password-based authentication. For more information, see the PostgreSQL documentation .reject
: User connection is not allowed.
For more information about the settings, see the PostgreSQL documentation
Greenplum® and Greenplum Database® are registered trademarks or trademarks of VMware, Inc. in the United States and/or other countries.