From 1b43743f1174a5b98f77c8090a89d829c2874441 Mon Sep 17 00:00:00 2001 From: Michael Paquier Date: Thu, 16 Feb 2023 07:38:52 +0900 Subject: Add description for new patterns supported in HBA and ident sample files Support for regexps in database and role entries for pg_hba.conf has been added in 8fea8683, and efb6f4a has extended support of pg-user in pg_ident.conf, still both of them have missed a short description about the new patterns supported in their respective sample files. This commit closes the gap, by providing a short description of all the new features supported for each entry type. Reported-by: Pavel Luzanov Reviewed-by: Jelte Fennema, Pavel Luzanov Discussion: https://postgr.es/m/e495112d-8741-e651-64a2-ecb5728f1a56@postgrespro.ru --- src/backend/libpq/pg_hba.conf.sample | 17 +++++++++-------- src/backend/libpq/pg_ident.conf.sample | 4 ++++ 2 files changed, 13 insertions(+), 8 deletions(-) (limited to 'src') diff --git a/src/backend/libpq/pg_hba.conf.sample b/src/backend/libpq/pg_hba.conf.sample index 095e3b4cc00..bad13497a34 100644 --- a/src/backend/libpq/pg_hba.conf.sample +++ b/src/backend/libpq/pg_hba.conf.sample @@ -31,14 +31,15 @@ # - "hostnogssenc" is a TCP/IP socket that is not GSSAPI-encrypted # # DATABASE can be "all", "sameuser", "samerole", "replication", a -# database name, or a comma-separated list thereof. The "all" -# keyword does not match "replication". Access to replication -# must be enabled in a separate record (see example below). -# -# USER can be "all", a user name, a group name prefixed with "+", or a -# comma-separated list thereof. In both the DATABASE and USER fields -# you can also write a file name prefixed with "@" to include names -# from a separate file. +# database name, a regular expression (if it starts with a slash (/)) +# or a comma-separated list thereof. The "all" keyword does not match +# "replication". Access to replication must be enabled in a separate +# record (see example below). +# +# USER can be "all", a user name, a group name prefixed with "+", a +# regular expression (if it starts with a slash (/)) or a comma-separated +# list thereof. In both the DATABASE and USER fields you can also write +# a file name prefixed with "@" to include names from a separate file. # # ADDRESS specifies the set of hosts the record matches. It can be a # host name, or it is made up of an IP address and a CIDR mask that is diff --git a/src/backend/libpq/pg_ident.conf.sample b/src/backend/libpq/pg_ident.conf.sample index 5d32684b28f..f5225f26cdf 100644 --- a/src/backend/libpq/pg_ident.conf.sample +++ b/src/backend/libpq/pg_ident.conf.sample @@ -29,6 +29,10 @@ # will be substituted for \1 (backslash-one) if present in # PG-USERNAME. # +# PG-USERNAME can be "all", a user name, a group name prefixed with "+", or +# a regular expression (if it starts with a slash (/)). If it is a regular +# expression, the substring matching with \1 has no effect. +# # Multiple maps may be specified in this file and used by pg_hba.conf. # # No map names are defined in the default configuration. If all -- cgit v1.2.3