Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Reverted from v. 5

If you have firewalld enabled on the PostgreSQL server and you would like to allow access from other clients, you will need to add the PostgreSQL service and reload the firewall configuration.

Code Block
firewall-cmd --add-service=postgresql --permanent
firewall-cmd --reload

PostgreSQL, by default, only allows local connections. If you would like to open access to network clients or if you are installing the Client Tools on a separate server (installation type 2), modify the following configuration files:


Code Block
listen_addresses = '*'    # Allow remote connections on any network interface.
                          # You can also specify an individual IP address or
                          # comma-separated list of IP addresses.

This change requires a PostgreSQL restart.

For more detailed information, see


For every client requiring remote access, including the Client Tools processing server in a type 2 installation, a host entry is required. Briefly, a host record consists of space or tab-separated values:

  • host: local, host, hostssl, hostnossl
  • database: all, sameuser, samerole, replication
  • user: all, user name
  • address: client IP address(es), CIDR mask is allowed
  • method: trust, password, etc.

As an example, assume 2 sets of clients need access to the alexandria database, a data operations team and the CLAIMS Direct Client Tools. The data operations team will need access from any IP address on the 192.168.111.x network and the Client Tools will be updating the database from The following entries are required for access:

Code Block
# HOST    DATABASE   USER       ADDRESS               METHOD
# dataops needs access to the entire cluster, hence DATABASE is all
host      all        all      trust

# CLAIMS Direct Client Tools only need access to the alexandria database
# and by-default, use a fixed user: alexandria
host      alexandria alexandria         trust

Changes to pg_hba.conf require a configuration reload to take effect, e.g.,

Code Block
SELECT pg_reload_conf();

For a detailed explanation of the host-based access file, see

Other Methods of Authentication

Other methods of authentication may also be used. For example:

  • To use ident, create an OS user.
  • To use a password, as on md5 or scram-sha-256, CREATE ROLE … WITH PASSWORD and confirm that the same password is specified in /etc/alexandria.xml on the machine on which the Client Tools will be running.

Contact if you have different security requirements.