32.1. Database Connection Control Functions
The following functions deal with making a connection to a Postgres Pro backend server. An application program can have several backend connections open at one time. (One reason to do that is to access more than one database.) Each connection is represented by a PGconn
object, which is obtained from the function PQconnectdb
, PQconnectdbParams
, or PQsetdbLogin
. Note that these functions will always return a non-null object pointer, unless perhaps there is too little memory even to allocate the PGconn
object. The PQstatus
function should be called to check the return value for a successful connection before queries are sent via the connection object.
Warning
If untrusted users have access to a database that has not adopted a secure schema usage pattern, begin each session by removing publicly-writable schemas from search_path
. One can set parameter key word options
to value -csearch_path=
. Alternately, one can issue PQexec(
after connecting. This consideration is not specific to libpq; it applies to every interface for executing arbitrary SQL commands. conn
, "SELECT pg_catalog.set_config('search_path', '', false)")
Warning
On Unix, forking a process with open libpq connections can lead to unpredictable results because the parent and child processes share the same sockets and operating system resources. For this reason, such usage is not recommended, though doing an exec
from the child process to load a new executable is safe.
PQconnectdbParams
Makes a new connection to the database server.
PGconn *PQconnectdbParams(const char * const *keywords, const char * const *values, int expand_dbname);
This function opens a new database connection using the parameters taken from two
NULL
-terminated arrays. The first,keywords
, is defined as an array of strings, each one being a key word. The second,values
, gives the value for each key word. UnlikePQsetdbLogin
below, the parameter set can be extended without changing the function signature, so use of this function (or its nonblocking analogsPQconnectStartParams
andPQconnectPoll
) is preferred for new application programming.The currently recognized parameter key words are listed in Section 32.1.2.
The passed arrays can be empty to use all default parameters, or can contain one or more parameter settings. They must be matched in length. Processing will stop at the first
NULL
entry in thekeywords
array. Also, if thevalues
entry associated with a non-NULL
keywords
entry isNULL
or an empty string, that entry is ignored and processing continues with the next pair of array entries.When
expand_dbname
is non-zero, the value for the firstdbname
key word is checked to see if it is a connection string. If so, it is “expanded” into the individual connection parameters extracted from the string. The value is considered to be a connection string, rather than just a database name, if it contains an equal sign (=
) or it begins with a URI scheme designator. (More details on connection string formats appear in Section 32.1.1.) Only the first occurrence ofdbname
is treated in this way; any subsequentdbname
parameter is processed as a plain database name.In general the parameter arrays are processed from start to end. If any key word is repeated, the last value (that is not
NULL
or empty) is used. This rule applies in particular when a key word found in a connection string conflicts with one appearing in thekeywords
array. Thus, the programmer may determine whether array entries can override or be overridden by values taken from a connection string. Array entries appearing before an expandeddbname
entry can be overridden by fields of the connection string, and in turn those fields are overridden by array entries appearing afterdbname
(but, again, only if those entries supply non-empty values).After processing all the array entries and any expanded connection string, any connection parameters that remain unset are filled with default values. If an unset parameter's corresponding environment variable (see Section 32.14) is set, its value is used. If the environment variable is not set either, then the parameter's built-in default value is used.
PQconnectdb
Makes a new connection to the database server.
PGconn *PQconnectdb(const char *conninfo);
This function opens a new database connection using the parameters taken from the string
conninfo
.The passed string can be empty to use all default parameters, or it can contain one or more parameter settings separated by whitespace, or it can contain a URI. See Section 32.1.1 for details.
PQsetdbLogin
Makes a new connection to the database server.
PGconn *PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions, const char *pgtty, const char *dbName, const char *login, const char *pwd);
This is the predecessor of
PQconnectdb
with a fixed set of parameters. It has the same functionality except that the missing parameters will always take on default values. WriteNULL
or an empty string for any one of the fixed parameters that is to be defaulted.If the
dbName
contains an=
sign or has a valid connection URI prefix, it is taken as aconninfo
string in exactly the same way as if it had been passed toPQconnectdb
, and the remaining parameters are then applied as specified forPQconnectdbParams
.PQsetdb
Makes a new connection to the database server.
PGconn *PQsetdb(char *pghost, char *pgport, char *pgoptions, char *pgtty, char *dbName);
This is a macro that calls
PQsetdbLogin
with null pointers for thelogin
andpwd
parameters. It is provided for backward compatibility with very old programs.PQconnectStartParams
PQconnectStart
PQconnectPoll
Make a connection to the database server in a nonblocking manner.
PGconn *PQconnectStartParams(const char * const *keywords, const char * const *values, int expand_dbname); PGconn *PQconnectStart(const char *conninfo); PostgresPollingStatusType PQconnectPoll(PGconn *conn);
These three functions are used to open a connection to a database server such that your application's thread of execution is not blocked on remote I/O whilst doing so. The point of this approach is that the waits for I/O to complete can occur in the application's main loop, rather than down inside
PQconnectdbParams
orPQconnectdb
, and so the application can manage this operation in parallel with other activities.With
PQconnectStartParams
, the database connection is made using the parameters taken from thekeywords
andvalues
arrays, and controlled byexpand_dbname
, as described above forPQconnectdbParams
.With
PQconnectStart
, the database connection is made using the parameters taken from the stringconninfo
as described above forPQconnectdb
.Neither
PQconnectStartParams
norPQconnectStart
norPQconnectPoll
will block, so long as a number of restrictions are met:The
hostaddr
andhost
parameters are used appropriately to ensure that name and reverse name queries are not made. See the documentation of these parameters in Section 32.1.2 for details.If you call
PQtrace
, ensure that the stream object into which you trace will not block.You ensure that the socket is in the appropriate state before calling
PQconnectPoll
, as described below.
Note: use of
PQconnectStartParams
is analogous toPQconnectStart
shown below.To begin a nonblocking connection request, call
conn = PQconnectStart("
. Ifconnection_info_string
")conn
is null, then libpq has been unable to allocate a newPGconn
structure. Otherwise, a validPGconn
pointer is returned (though not yet representing a valid connection to the database). On return fromPQconnectStart
, callstatus = PQstatus(conn)
. Ifstatus
equalsCONNECTION_BAD
,PQconnectStart
has failed.If
PQconnectStart
succeeds, the next stage is to poll libpq so that it can proceed with the connection sequence. UsePQsocket(conn)
to obtain the descriptor of the socket underlying the database connection. Loop thus: IfPQconnectPoll(conn)
last returnedPGRES_POLLING_READING
, wait until the socket is ready to read (as indicated byPQselect()
orPQselectExtended()
). Then callPQconnectPoll(conn)
again. Conversely, ifPQconnectPoll(conn)
last returnedPGRES_POLLING_WRITING
, wait until the socket is ready to write, then callPQconnectPoll(conn)
again. If you have yet to callPQconnectPoll
, i.e., just after the call toPQconnectStart
, behave as if it last returnedPGRES_POLLING_WRITING
. Continue this loop untilPQconnectPoll(conn)
returnsPGRES_POLLING_FAILED
, indicating the connection procedure has failed, orPGRES_POLLING_OK
, indicating the connection has been successfully made.At any time during connection, the status of the connection can be checked by calling
PQstatus
. If this call returnsCONNECTION_BAD
, then the connection procedure has failed; if the call returnsCONNECTION_OK
, then the connection is ready. Both of these states are equally detectable from the return value ofPQconnectPoll
, described above. Other states might also occur during (and only during) an asynchronous connection procedure. These indicate the current stage of the connection procedure and might be useful to provide feedback to the user for example. These statuses are:CONNECTION_STARTED
Waiting for connection to be made.
CONNECTION_MADE
Connection OK; waiting to send.
CONNECTION_AWAITING_RESPONSE
Waiting for a response from the server.
CONNECTION_AUTH_OK
Received authentication; waiting for backend start-up to finish.
CONNECTION_SSL_STARTUP
Negotiating SSL encryption.
CONNECTION_SETENV
Negotiating environment-driven parameter settings.
Note that, although these constants will remain (in order to maintain compatibility), an application should never rely upon these occurring in a particular order, or at all, or on the status always being one of these documented values. An application might do something like this:
switch(PQstatus(conn)) { case CONNECTION_STARTED: feedback = "Connecting..."; break; case CONNECTION_MADE: feedback = "Connected to server..."; break; . . . default: feedback = "Connecting..."; }
The
connect_timeout
connection parameter is ignored when usingPQconnectPoll
; it is the application's responsibility to decide whether an excessive amount of time has elapsed. Otherwise,PQconnectStart
followed by aPQconnectPoll
loop is equivalent toPQconnectdb
.Note that if
PQconnectStart
returns a non-null pointer, you must callPQfinish
when you are finished with it, in order to dispose of the structure and any associated memory blocks. This must be done even if the connection attempt fails or is abandoned.PQconndefaults
Returns the default connection options.
PQconninfoOption *PQconndefaults(void); typedef struct { char *keyword; /* The keyword of the option */ char *envvar; /* Fallback environment variable name */ char *compiled; /* Fallback compiled in default value */ char *val; /* Option's current value, or NULL */ char *label; /* Label for field in connect dialog */ char *dispchar; /* Indicates how to display this field in a connect dialog. Values are: "" Display entered value as is "*" Password field - hide value "D" Debug option - don't show by default */ int dispsize; /* Field size in characters for dialog */ } PQconninfoOption;
Returns a connection options array. This can be used to determine all possible
PQconnectdb
options and their current default values. The return value points to an array ofPQconninfoOption
structures, which ends with an entry having a nullkeyword
pointer. The null pointer is returned if memory could not be allocated. Note that the current default values (val
fields) will depend on environment variables and other context. A missing or invalid service file will be silently ignored. Callers must treat the connection options data as read-only.After processing the options array, free it by passing it to
PQconninfoFree
. If this is not done, a small amount of memory is leaked for each call toPQconndefaults
.PQconninfo
Returns the connection options used by a live connection.
PQconninfoOption *PQconninfo(PGconn *conn);
Returns a connection options array. This can be used to determine all possible
PQconnectdb
options and the values that were used to connect to the server. The return value points to an array ofPQconninfoOption
structures, which ends with an entry having a nullkeyword
pointer. All notes above forPQconndefaults
also apply to the result ofPQconninfo
.PQconninfoParse
Returns parsed connection options from the provided connection string.
PQconninfoOption *PQconninfoParse(const char *conninfo, char **errmsg);
Parses a connection string and returns the resulting options as an array; or returns
NULL
if there is a problem with the connection string. This function can be used to extract thePQconnectdb
options in the provided connection string. The return value points to an array ofPQconninfoOption
structures, which ends with an entry having a nullkeyword
pointer.All legal options will be present in the result array, but the
PQconninfoOption
for any option not present in the connection string will haveval
set toNULL
; default values are not inserted.If
errmsg
is notNULL
, then*errmsg
is set toNULL
on success, else to amalloc
'd error string explaining the problem. (It is also possible for*errmsg
to be set toNULL
and the function to returnNULL
; this indicates an out-of-memory condition.)After processing the options array, free it by passing it to
PQconninfoFree
. If this is not done, some memory is leaked for each call toPQconninfoParse
. Conversely, if an error occurs anderrmsg
is notNULL
, be sure to free the error string usingPQfreemem
.PQfinish
Closes the connection to the server. Also frees memory used by the
PGconn
object.void PQfinish(PGconn *conn);
Note that even if the server connection attempt fails (as indicated by
PQstatus
), the application should callPQfinish
to free the memory used by thePGconn
object. ThePGconn
pointer must not be used again afterPQfinish
has been called.PQreset
Resets the communication channel to the server.
void PQreset(PGconn *conn);
This function will close the connection to the server and attempt to reestablish a new connection to the same server, using all the same parameters previously used. This might be useful for error recovery if a working connection is lost.
PQresetStart
PQresetPoll
Reset the communication channel to the server, in a nonblocking manner.
int PQresetStart(PGconn *conn); PostgresPollingStatusType PQresetPoll(PGconn *conn);
These functions will close the connection to the server and attempt to reestablish a new connection to the same server, using all the same parameters previously used. This can be useful for error recovery if a working connection is lost. They differ from
PQreset
(above) in that they act in a nonblocking manner. These functions suffer from the same restrictions asPQconnectStartParams
,PQconnectStart
andPQconnectPoll
.To initiate a connection reset, call
PQresetStart
. If it returns 0, the reset has failed. If it returns 1, poll the reset usingPQresetPoll
in exactly the same way as you would create the connection usingPQconnectPoll
.PQpingParams
PQpingParams
reports the status of the server. It accepts connection parameters identical to those ofPQconnectdbParams
, described above. It is not necessary to supply correct user name, password, or database name values to obtain the server status; however, if incorrect values are provided, the server will log a failed connection attempt.PGPing PQpingParams(const char * const *keywords, const char * const *values, int expand_dbname);
The function returns one of the following values:
PQPING_OK
The server is running and appears to be accepting connections.
PQPING_REJECT
The server is running but is in a state that disallows connections (startup, shutdown, or crash recovery).
PQPING_NO_RESPONSE
The server could not be contacted. This might indicate that the server is not running, or that there is something wrong with the given connection parameters (for example, wrong port number), or that there is a network connectivity problem (for example, a firewall blocking the connection request).
PQPING_NO_ATTEMPT
No attempt was made to contact the server, because the supplied parameters were obviously incorrect or there was some client-side problem (for example, out of memory).
PQping
PQping
reports the status of the server. It accepts connection parameters identical to those ofPQconnectdb
, described above. It is not necessary to supply correct user name, password, or database name values to obtain the server status; however, if incorrect values are provided, the server will log a failed connection attempt.PGPing PQping(const char *conninfo);
The return values are the same as for
PQpingParams
.
32.1.1. Connection Strings
Several libpq functions parse a user-specified string to obtain connection parameters. There are two accepted formats for these strings: plain keyword = value
strings and RFC 3986 URIs.
32.1.1.1. Keyword/Value Connection Strings
In the first format, each parameter setting is in the form keyword = value
. Spaces around the equal sign are optional. To write an empty value, or a value containing spaces, surround it with single quotes, e.g., keyword = 'a value'
. Single quotes and backslashes within the value must be escaped with a backslash, i.e., \'
and \\
.
Example:
host=localhost port=5432 dbname=mydb connect_timeout=10
The recognized parameter key words are listed in Section 32.1.2.
32.1.1.2. Connection URIs
The general form for a connection URI is:
postgresql://[user[:password]@][host][:port][,host[:port]...][/dbname][?param1=value1&...]
The URI scheme designator can be either postgresql://
or postgres://
. Each of the remaining URI parts is optional. The following examples illustrate valid URI syntax:
postgresql:// postgresql://localhost postgresql://localhost:5433 postgresql://localhost/mydb postgresql://user@localhost postgresql://user:secret@localhost postgresql://other@localhost/otherdb?connect_timeout=10&application_name=myapp postgresql://node1,node2:5433,node3:4432,node4/mydb?hostorder=random&target_server_type=any
Values that would normally appear in the hierarchical part of the URI can alternatively be given as named parameters. For example:
postgresql:///mydb?host=localhost&port=5433
All named parameters must match key words listed in Section 32.1.2, except that for compatibility with JDBC connection URIs, instances of ssl=true
are translated into sslmode=require
and loadBalanceHosts=true
into hostorder=random
.
Percent-encoding may be used to include symbols with special meaning in any of the URI parts.
The host part may be either a host name or an IP address. To specify an IPv6 address, enclose it in square brackets:
postgresql://[2001:db8::1234]/database
There can be several host specifications, optionally accompanied with port, separated by comma.
The host part is interpreted as described for the parameter host. In particular, a Unix-domain socket connection is chosen if the host part is either empty or looks like an absolute path name, otherwise a TCP/IP connection is initiated. Note, however, that the slash is a reserved character in the hierarchical part of the URI. So, to specify a non-standard Unix-domain socket directory, either omit the host part of the URI and specify the host as a named parameter, or percent-encode the path in the host part of the URI:
postgresql:///dbname?host=/var/lib/postgresql postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
32.1.2. Parameter Key Words
The currently recognized parameter key words are:
host
Name of host to connect to. If this begins with a slash, it specifies Unix-domain communication rather than TCP/IP communication; the value is the name of the directory in which the socket file is stored. The default behavior when
host
is not specified is to connect to a Unix-domain socket in/tmp
(or whatever socket directory was specified when Postgres Pro was built). On machines without Unix-domain sockets, the default is to connect tolocalhost
.There can be more than one
host
parameter in the connection string. In this case these hosts would be considered alternate entries into same database and if connection to first one fails, the second would be attempted, and so on. This can be used for high availability clusters or for load balancing. See the hostorder parameter. This feature works for TCP/IP host names only.The network host name can be accompanied by a port number, separated by colon. This port number is used only when connected to this host. If there is no port number, the port specified in the port parameter would be used instead.
hostaddr
Numeric IP address of host to connect to. This should be in the standard IPv4 address format, e.g.,
172.28.40.9
. If your machine supports IPv6, you can also use those addresses. TCP/IP communication is always used when a nonempty string is specified for this parameter.Using
hostaddr
instead ofhost
allows the application to avoid a host name look-up, which might be important in applications with time constraints. However, a host name is required for GSSAPI or SSPI authentication methods, as well as forverify-full
SSL certificate verification. The following rules are used:If
host
is specified withouthostaddr
, a host name lookup occurs.If
hostaddr
is specified withouthost
, the value forhostaddr
gives the server network address. The connection attempt will fail if the authentication method requires a host name.If both
host
andhostaddr
are specified, the value forhostaddr
gives the server network address. The value forhost
is ignored unless the authentication method requires it, in which case it will be used as the host name.
Note that authentication is likely to fail if
host
is not the name of the server at network addresshostaddr
. Also, note thathost
rather thanhostaddr
is used to identify the connection in~/.pgpass
(see Section 32.15).Without either a host name or host address, libpq will connect using a local Unix-domain socket; or on machines without Unix-domain sockets, it will attempt to connect to
localhost
.hostorder
Specifies how to choose the host from the list of alternate hosts, specified in the host parameter.
If the value of this argument is
sequential
(default), connections to the hosts will be attempted in the order in which they are specified.If the value is
random
, the host to connect to will be randomly picked from the list. It allows load balancing between several cluster nodes. However, PostgreSQL doesn't currently support multimaster clusters. So, without the use of third-party products, only read-only connections can take advantage from load-balancing. See target_server_type.target_server_type
If this parameter is
master
(default), upon successful connection the host is checked to determine whether it is in a recovery state. If it is, it then tries next host in the connection string. If this parameter isany
, connection to standby nodes are considered successful.port
Port number to connect to at the server host, or socket file name extension for Unix-domain connections.
dbname
The database name. Defaults to be the same as the user name. In certain contexts, the value is checked for extended formats; see Section 32.1.1 for more details on those.
user
Postgres Pro user name to connect as. Defaults to be the same as the operating system name of the user running the application.
password
Password to be used if the server demands password authentication.
connect_timeout
Maximum wait for connection, in seconds (write as a decimal integer string). Zero or not specified means wait indefinitely. It is not recommended to use a timeout of less than 2 seconds.
failover_timeout
Maximum time to cyclically retry all the hosts in the connection string (as decimal integer number of seconds). If not specified, then hosts are tried just once.
If we have replicating cluster, and master node fails, it might take some time to promote one of the standby nodes to the new master. So clients which detect failure to connect to the master might abandon attempts to reestablish a connection before the new master becomes available.
Setting this parameter to a value that takes into account the amount of time needed for failover to complete will ensure attempts to connect to hosts continue to be made until the new master becomes available.
client_encoding
This sets the
client_encoding
configuration parameter for this connection. In addition to the values accepted by the corresponding server option, you can useauto
to determine the right encoding from the current locale in the client (LC_CTYPE
environment variable on Unix systems).options
Specifies command-line options to send to the server at connection start. For example, setting this to
-c geqo=off
sets the session's value of thegeqo
parameter tooff
. Spaces within this string are considered to separate command-line arguments, unless escaped with a backslash (\
); write\\
to represent a literal backslash. For a detailed discussion of the available options, consult Chapter 19.application_name
Specifies a value for the application_name configuration parameter.
fallback_application_name
Specifies a fallback value for the application_name configuration parameter. This value will be used if no value has been given for
application_name
via a connection parameter or thePGAPPNAME
environment variable. Specifying a fallback name is useful in generic utility programs that wish to set a default application name but allow it to be overridden by the user.keepalives
Controls whether client-side TCP keepalives are used. The default value is 1, meaning on, but you can change this to 0, meaning off, if keepalives are not wanted. This parameter is ignored for connections made via a Unix-domain socket.
keepalives_idle
Controls the number of seconds of inactivity after which TCP should send a keepalive message to the server. A value of zero uses the system default. This parameter is ignored for connections made via a Unix-domain socket, or if keepalives are disabled. It is only supported on systems where
TCP_KEEPIDLE
or an equivalent socket option is available, and on Windows; on other systems, it has no effect.keepalives_interval
Controls the number of seconds after which a TCP keepalive message that is not acknowledged by the server should be retransmitted. A value of zero uses the system default. This parameter is ignored for connections made via a Unix-domain socket, or if keepalives are disabled. It is only supported on systems where
TCP_KEEPINTVL
or an equivalent socket option is available, and on Windows; on other systems, it has no effect.keepalives_count
Controls the number of TCP keepalives that can be lost before the client's connection to the server is considered dead. A value of zero uses the system default. This parameter is ignored for connections made via a Unix-domain socket, or if keepalives are disabled. It is only supported on systems where
TCP_KEEPCNT
or an equivalent socket option is available; on other systems, it has no effect.tty
Ignored (formerly, this specified where to send server debug output).
sslmode
This option determines whether or with what priority a secure SSL TCP/IP connection will be negotiated with the server. There are six modes:
disable
only try a non-SSL connection
allow
first try a non-SSL connection; if that fails, try an SSL connection
prefer
(default)first try an SSL connection; if that fails, try a non-SSL connection
require
only try an SSL connection. If a root CA file is present, verify the certificate in the same way as if
verify-ca
was specifiedverify-ca
only try an SSL connection, and verify that the server certificate is issued by a trusted certificate authority (CA)
verify-full
only try an SSL connection, verify that the server certificate is issued by a trusted CA and that the requested server host name matches that in the certificate
See Section 32.18 for a detailed description of how these options work.
sslmode
is ignored for Unix domain socket communication. If Postgres Pro is compiled without SSL support, using optionsrequire
,verify-ca
, orverify-full
will cause an error, while optionsallow
andprefer
will be accepted but libpq will not actually attempt an SSL connection.requiressl
This option is deprecated in favor of the
sslmode
setting.If set to 1, an SSL connection to the server is required (this is equivalent to
sslmode
require
). libpq will then refuse to connect if the server does not accept an SSL connection. If set to 0 (default), libpq will negotiate the connection type with the server (equivalent tosslmode
prefer
). This option is only available if Postgres Pro is compiled with SSL support.sslcompression
If set to 1 (default), data sent over SSL connections will be compressed (this requires OpenSSL version 0.9.8 or later). If set to 0, compression will be disabled (this requires OpenSSL 1.0.0 or later). This parameter is ignored if a connection without SSL is made, or if the version of OpenSSL used does not support it.
Compression uses CPU time, but can improve throughput if the network is the bottleneck. Disabling compression can improve response time and throughput if CPU performance is the limiting factor.
sslcert
This parameter specifies the file name of the client SSL certificate, replacing the default
~/.postgresql/postgresql.crt
. This parameter is ignored if an SSL connection is not made.sslkey
This parameter specifies the location for the secret key used for the client certificate. It can either specify a file name that will be used instead of the default
~/.postgresql/postgresql.key
, or it can specify a key obtained from an external “engine” (engines are OpenSSL loadable modules). An external engine specification should consist of a colon-separated engine name and an engine-specific key identifier. This parameter is ignored if an SSL connection is not made.sslrootcert
This parameter specifies the name of a file containing SSL certificate authority (CA) certificate(s). If the file exists, the server's certificate will be verified to be signed by one of these authorities. The default is
~/.postgresql/root.crt
.sslcrl
This parameter specifies the file name of the SSL certificate revocation list (CRL). Certificates listed in this file, if it exists, will be rejected while attempting to authenticate the server's certificate. The default is
~/.postgresql/root.crl
.requirepeer
This parameter specifies the operating-system user name of the server, for example
requirepeer=postgres
. When making a Unix-domain socket connection, if this parameter is set, the client checks at the beginning of the connection that the server process is running under the specified user name; if it is not, the connection is aborted with an error. This parameter can be used to provide server authentication similar to that available with SSL certificates on TCP/IP connections. (Note that if the Unix-domain socket is in/tmp
or another publicly writable location, any user could start a server listening there. Use this parameter to ensure that you are connected to a server run by a trusted user.) This option is only supported on platforms for which thepeer
authentication method is implemented; see Section 20.3.6.krbsrvname
Kerberos service name to use when authenticating with GSSAPI. This must match the service name specified in the server configuration for Kerberos authentication to succeed. (See also Section 20.3.3.)
gsslib
GSS library to use for GSSAPI authentication. Currently this is disregarded except on Windows builds that include both GSSAPI and SSPI support. In that case, set this to
gssapi
to cause libpq to use the GSSAPI library for authentication instead of the default SSPI.service
Service name to use for additional parameters. It specifies a service name in
pg_service.conf
that holds additional connection parameters. This allows applications to specify only a service name so connection parameters can be centrally maintained. See Section 32.16.