The Authentication tab of the Admin view allows users with Operator Basic, Operator, and Admin permission to view the VMware Greenplum host-based authentication file, pg_hba.conf.
Users with Admin permission can add, remove, change, and move entries in the file. The Command Center UI validates entries to ensure correct syntax. Previous versions of the file are archived so that you can restore an earlier version or audit changes.
See Authentication Options for an overview of user authentication options for VMware Greenplum and Greenplum Command Server.
See Configuring Client Authentication in the VMware Greenplum administration documentation for a detailed description of the contents of the pg_hba.conf file.
Viewing the Host-Based Authentication File
Click the Authentication tab of the Admin view to display the content of the VMware Greenplum pg_hba.conf file.
The pg_hba.conf file contains a list of entries that specify the characteristics of database connection requests and authentication methods. When VMware Greenplum receives a connection request from a client, it compares the request to each entry in the pg_hba.conf entry in turn until a match is found. The request is authenticated using the specified authentication method and, if successful, the connection is accepted.
Editing the Host-Based Authentication File
Command Center users with the Admin permission can edit the pg_hba.conf file. Note that any changes you make are lost if you move to another screen before you save them.
To make any changes to the pg_hba.conf file:
- Click Edit to enable editing of the file.
- Make one or more changes to the file as necessary:
- To change an existing entry, click anywhere on the entry. Edit the fields and click SAVE LINE EDIT to save your changes, or CANCEL to revert changes to the entry.
- To move an entry up or down in the list, click on the
symbol, drag the line to the desired location, and release. - To add a new entry to the file, place your mouse pointer on the location to add the new entry, then click Add to add an empty line, or click Clone to clone the contents of an existing entry. Edit the fields of the new entry as desired, then click SAVE LINE EDIT to save your changes, or CANCEL to cancel adding the new entry.
- To toggle an entry between active and inactive, place your mouse pointer over the entry and click the Active toggle control. This action adds or removes a comment character (
#) at the beginning of the entry in the file. - To remove an entry, place your mouse pointer over the entry and click Delete. The entry is displayed with strikethrough text.
-
Click NEXT to review all changes to the
pg_hba.conffile, or ABANDON CHANGES to abandon all changes.On the review page, Command Center shows all proposed changes to the file in
diffformat, with additions in green and deletions in red. You can sync the modifiedpg_hba.conffile to the standby coordinator by selecting the Sync standby coordinator with coordinator option. If you select this option, proposed changes to both files are shown in the review:
- Click SAVE AND UPDATE to apply changes to the coordinator (and to the standby coordinator if selected), or click ABANDON CHANGES to abandon all proposed changes to the file.
When you select SAVE AND UPDATE, the pg_hba.conf file is saved and refreshed on the VMware Greenplum coordinator, and optionally on the standby coordinator. Note that existing client connections are unaffected.
Loading a Previous Version of the Host-Based Authentication File
When you save a new version of the pg_hba.conf file, a copy is saved in the VMware Greenplum $COORDINATOR_DATA_DIRECTORY/pg_hba_archive directory as pg_hba.conf-<timestamp>.
To modify and apply an archived version of the pg_hba.conf file, click Version History and click the timestamp for the version of the file that you want to display or modify. Make any desired modifications and apply changes as described in the previous procedure.
If you apply the archive file to your cluster, the configuration is refreshed in VMware Greenplum and saved as a new version in the archive directory.
