If you have
firewalld enabled on the PostgreSQL server and you would like to allow access from other clients, you will need to add the PostgreSQL service and reload the firewall configuration.
PostgreSQL, by default, only allows local connections. If you would like to open access to network clients or if you are installing the Client Tools on a separate server (installation type 2), modify the following configuration files:
This change requires a PostgreSQL restart.
For more detailed information, see https://www.postgresql.org/docs/10/runtime-config-connection.html.
For every client requiring remote access, including the Client Tools processing server in a type 2 installation, a host entry is required. Briefly, a host record consists of space or tab-separated values:
- host: local, host, hostssl, hostnossl
- database: all, sameuser, samerole, replication
- user: all, user name
- address: client IP address(es), CIDR mask is allowed
- method: trust, password, etc.
As an example, assume 2 sets of clients need access to the
alexandria database, a data operations team and the CLAIMS Direct Client Tools. The data operations team will need access from any IP address on the 192.168.111.x network and the Client Tools will be updating the database from 10.234.1.6. The following entries are required for access:
pg_hba.conf require a configuration reload to take effect, e.g.,
For a detailed explanation of the host-based access file, see https://www.postgresql.org/docs/10/auth-pg-hba-conf.html.
Other Methods of Authentication
Other methods of authentication may also be used. For example:
- To use ident, create an OS user.
- To use a password, as on md5 or scram-sha-256, CREATE ROLE … WITH PASSWORD and confirm that the same password is specified in
/etc/alexandria.xmlon the machine on which the Client Tools will be running.
Contact firstname.lastname@example.org if you have different security requirements.