PostgreSQL Reference Manual - Volume 3 - Server Administration Guide by The PostgreSQL Global Development Group Paperback (6"x9"), 204 pages ISBN 0954612043 RRP £13.95 ($24.95) Sales of this book support the PostgreSQL project! Get a printed copy>>>

PostgreSQL Reference Manual Volume 3 Buy the book here! >>> support free software

4.3.2 Security and Authentication

authentication_timeout (integer)

Maximum time to complete client authentication, in seconds. If a would-be client has not completed the authentication protocol in this much time, the server breaks the connection. This prevents hung clients from occupying a connection indefinitely. The default is one minute (1m). This parameter can only be set in the ‘postgresql.conf’ file or on the server command line.

ssl (boolean)

Enables SSL connections. Please read section 3.7 Secure TCP/IP Connections with SSL before using this. The default is off. This parameter can only be set at server start.

password_encryption (boolean)

When a password is specified in CREATE USER or ALTER USER without writing either ENCRYPTED or UNENCRYPTED, this parameter determines whether the password is to be encrypted. The default is on (encrypt the password).

krb_server_keyfile (string)

Sets the location of the Kerberos server key file. See section 7.2.3 Kerberos authentication for details. This parameter can only be set at server start.

krb_srvname (string)

Sets the Kerberos service name. See section 7.2.3 Kerberos authentication for details. This parameter can only be set at server start.

krb_server_hostname (string)

Sets the host name part of the service principal. This, combined with krb_srvname, is used to generate the complete service principal, that is krb_srvname/krb_server_hostname@REALM. If not set, the default is the server host name. See section 7.2.3 Kerberos authentication for details. This parameter can only be set at server start.

krb_caseins_users (boolean)

Sets whether Kerberos user names should be treated case-insensitively. The default is off (case sensitive). This parameter can only be set at server start.

db_user_namespace (boolean)

This parameter enables per-database user names. It is off by default. This parameter can only be set in the ‘postgresql.conf’ file or on the server command line. If this is on, you should create users as username@dbname. When username is passed by a connecting client, @ and the database name are appended to the user name and that database-specific user name is looked up by the server. Note that when you create users with names containing @ within the SQL environment, you will need to quote the user name. With this parameter enabled, you can still create ordinary global users. Simply append @ when specifying the user name in the client. The @ will be stripped off before the user name is looked up by the server.

Note: This feature is intended as a temporary measure until a complete solution is found. At that time, this option will be removed.