| The PostgreSQL 9.0 Reference Manual - Volume 3 - Server Administration Guide
by The PostgreSQL Global Development Group Paperback (6"x9"), 274 pages ISBN 9781906966072 RRP £9.95 ($14.95) Sales of this book support the PostgreSQL project! Get a printed copy>>> |
11.2.5.1 Authentication
It is very important that the access privileges for replication be set up
so that only trusted users can read the WAL stream, because it is
easy to extract privileged information from it. Standby servers must
authenticate to the primary as a superuser account.
So a role with the SUPERUSER and LOGIN
privileges needs to be created on the primary.
Client authentication for replication is controlled by a
‘pg_hba.conf’ record specifying replication in the
database field. For example, if the standby is running on
host IP 192.168.1.100 and the superuser's name for replication
is foo, the administrator can add the following line to the
‘pg_hba.conf’ file on the primary:
# Allow the user "foo" from host 192.168.1.100 to connect to the primary # as a replication standby if the user's password is correctly supplied. # # TYPE DATABASE USER CIDR-ADDRESS METHOD host replication foo 192.168.1.100/32 md5
The host name and port number of the primary, connection user name,
and password are specified in the ‘recovery.conf’ file.
The password can also be set in the ‘~/.pgpass’ file on the
standby (specify replication in the database
field).
For example, if the primary is running on host IP 192.168.1.50,
port 5432, the superuser's name for replication is
foo, and the password is foopass, the administrator
can add the following line to the ‘recovery.conf’ file on the
standby:
# The standby connects to the primary that is running on host 192.168.1.50 # and port 5432 as the user "foo" whose password is "foopass". primary_conninfo = 'host=192.168.1.50 port=5432 user=foo password=foopass'
| ISBN 9781906966072 | The PostgreSQL 9.0 Reference Manual - Volume 3 - Server Administration Guide | See the print edition |