Configure the Netezza Performance Server host authentication for clients
By default, the system is configured to accept either secured (SSL) or unsecured connections from Netezza Performance Server clients. The client connection request specifies the user name, password, database access, connection type (either secured or unsecured), and the IP address of the client. The Netezza Performance Server system confirms the account information and, if it is valid, accepts the connection as either secured or unsecured, based on the client request and the Netezza Performance Server host configuration.
If your users are located within the secure firewall of your network or they use a protocol such as ssh to securely connect to the Netezza Performance Server system, you might require them to use unsecured communications, which avoids the performance overhead of secured communications. If you have one or more clients who are outside that firewall, you might require them to use secured connections. The Netezza Performance Server system provides a flexible way to configure access security and encryption for your client users.
To configure and manage the client access connections, you use the SET CONNECTION, DROP CONNECTION, and SHOW CONNECTION commands. These commands manage updates to the /nz/data/pg_hba.conf file for you, and provide mechanisms for remote updates, concurrent changes from multiple administrators, and protection from accidental errors when you edit the file.
A connection record has the following fields:
type dbName ipAddress addressMask authType
- type
- Specifies a connection record type. The type field can have one of the following values:
  - host
  - Specifies the access permission for users who connect to Netezza Performance Server databases by using IP connections. Users in the specified IP range might use secured or unsecured connections; the Netezza Performance Server host accepts either.
  - hostssl
  - Specifies the access permission for only those users who connect to Netezza Performance Server databases by using SSL secured IP connections. Users in the specified IP range who request unsecured connections are rejected.
  - hostnossl
  - Specifies the authentication for users who request to connect with unsecured IP connections. Users in the specified IP range who request secured connections are rejected.
  - local
  - Specifies the authentication for users who connect over a UNIX socket; that is, they are logged in locally to the Netezza Performance Server system, such as at the administration console.
- dbName
- Specifies the name of the database to which the user might request a connection. The value can be a specific database name, or ALL to allow connections to any database on the Netezza Performance Server system (if their user account has object permissions to that database).
- ipAddress
- Specifies an IP address in standard decimal notation for one or more client users who might connect to the Netezza Performance Server system. This field is used only for host, hostssl, and hostnossl connection types.
- addressMask
- Specifies an IP address mask in standard decimal notation to identify a range of one or more client users who might connect to the Netezza Performance Server system. This field is used only for host, hostssl, and hostnossl connection types. For details about subnet masks, see any general TCP/IP documentation. For example, a mask of 0.0.0.0 indicates that the record is for a connection request from the specific ipAddress value. An ipAddress of 1.2.3.4 and a mask of 255.255.255.0 indicates that the record defines connection attempts for any client that has an IP address in the range of 1.2.3.1–255.
- authType
- Specifies the authentication method for the Netezza Performance Server system. Specify this value when you create a connection record for local authentication. (You cannot specify an authentication type for LDAP or Kerberos authentication.) The values are trust, md5, crypt, password, and SHA_256. For information about local values, see the IBM® Netezza® Database User’s Guide.
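The following added example (not IBM code) parses records in the five-field layout described above and reports IP records that accept unsecured connections or use a weak authType, as a review aid for a copy of the connection records. It assumes `#` starts a comment, that local records consist of type, dbName and authType only, and that trust and password behave as in PostgreSQL-style pg_hba.conf files; the sample records are constructed.

```python
import ipaddress

IP_TYPES = {"host", "hostssl", "hostnossl"}
# Assumption: authType values behave as in PostgreSQL-style pg_hba.conf files.
WEAK_AUTH = {"trust": "no password is checked",
             "password": "password is sent without hashing"}

# Constructed sample records, not taken from a real system.
SAMPLE = """\
# type    dbName ipAddress   addressMask    authType
local     all                               trust
host      all    0.0.0.0     0.0.0.0        md5
hostssl   sales  1.2.3.4     255.255.255.0  SHA_256
hostnossl all    10.0.0.5    255.255.255.0  password
host      dev    192.0.2.10  255.255.255.0  trust
"""

def parse_record(line):
    """Parse one connection record; return None for blank or comment lines."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    rtype = fields[0].lower()
    if rtype == "local" and len(fields) == 3:
        # local records carry no ipAddress or addressMask
        return {"type": rtype, "dbName": fields[1], "authType": fields[2]}
    if rtype in IP_TYPES and len(fields) == 5:
        for value in fields[2:4]:
            ipaddress.IPv4Address(value)  # ValueError unless dotted decimal
        return dict(zip(("type", "dbName", "ipAddress", "addressMask", "authType"),
                        [rtype] + fields[1:]))
    raise ValueError(f"malformed connection record: {line!r}")

def audit(text):
    """Return (line number, finding) pairs for IP records worth reviewing."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        rec = parse_record(line)
        if rec is None or rec["type"] == "local":
            continue
        if rec["type"] != "hostssl":
            findings.append((lineno, f"{rec['type']} accepts unsecured connections"))
        reason = WEAK_AUTH.get(rec["authType"].lower())
        if reason:
            findings.append((lineno, f"authType {rec['authType']}: {reason}"))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```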