config.sgml

来自「PostgreSQL 8.1.4的源码 适用于Linux下的开源数据库系统」· SGML 代码 · 共 1,536 行 · 第 1/5 页

       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="guc-max-connections" xreflabel="max_connections">
      <term><varname>max_connections</varname> (<type>integer</type>)</term>
      <indexterm>
       <primary><varname>max_connections</> configuration parameter</primary>
      </indexterm>
      <listitem>
       <para>
        Determines the maximum number of concurrent connections to the
        database server. The default is typically 100, but may be less
        if your kernel settings will not support it (as determined
        during <application>initdb</>).  This parameter can only be
        set at server start.
       </para>

       <para>
        Increasing this parameter may cause <productname>PostgreSQL</>
        to request more <systemitem class="osname">System V</> shared
        memory or semaphores than your operating system's default configuration
        allows. See <xref linkend="sysvipc"> for information on how to
        adjust those parameters, if necessary.
       </para>
      </listitem>
     </varlistentry>
     
     <varlistentry id="guc-superuser-reserved-connections"
     xreflabel="superuser_reserved_connections">
      <term><varname>superuser_reserved_connections</varname>
      (<type>integer</type>)</term>
      <indexterm>
       <primary><varname>superuser_reserved_connections</> configuration parameter</primary>
      </indexterm>
      <listitem>
       <para>
        Determines the number of connection <quote>slots</quote> that
        are reserved for connections by <productname>PostgreSQL</>
        superusers.  At most <xref linkend="guc-max-connections">
        connections can ever be active simultaneously.  Whenever the
        number of active concurrent connections is at least
        <varname>max_connections</> minus
        <varname>superuser_reserved_connections</varname>, new
        connections will be accepted only for superusers.
       </para>

       <para>
        The default value is 2. The value must be less than the value of
        <varname>max_connections</varname>. This parameter can only be
        set at server start.
       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="guc-unix-socket-directory" xreflabel="unix_socket_directory">
      <term><varname>unix_socket_directory</varname> (<type>string</type>)</term>
      <indexterm>
       <primary><varname>unix_socket_directory</> configuration parameter</primary>
      </indexterm>
      <listitem>
       <para>
        Specifies the directory of the Unix-domain socket on which the
        server is to listen for
        connections from client applications.  The default is normally
        <filename>/tmp</filename>, but can be changed at build time.
        This parameter can only be set at server start.
       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="guc-unix-socket-group" xreflabel="unix_socket_group">
      <term><varname>unix_socket_group</varname> (<type>string</type>)</term>
      <indexterm>
       <primary><varname>unix_socket_group</> configuration parameter</primary>
      </indexterm>
      <listitem>
       <para>
        Sets the owning group of the Unix-domain socket.  (The owning
        user of the socket is always the user that starts the
        server.)  In combination with the option
        <varname>unix_socket_permissions</varname> this can be used as
        an additional access control mechanism for Unix-domain connections.
        By default this is the empty string, which uses the default
        group for the current user.  This option can only be set at
        server start.
       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="guc-unix-socket-permissions" xreflabel="unix_socket_permissions">
      <term><varname>unix_socket_permissions</varname> (<type>integer</type>)</term>
      <indexterm>
       <primary><varname>unix_socket_permissions</> configuration parameter</primary>
      </indexterm>
      <listitem>
       <para>
        Sets the access permissions of the Unix-domain socket.  Unix-domain
        sockets use the usual Unix file system permission set.
        The option value is expected to be a numeric mode
        specification in the form accepted by the
        <function>chmod</function> and <function>umask</function>
        system calls.  (To use the customary octal format the number
        must start with a <literal>0</literal> (zero).)
       </para>

       <para>
        The default permissions are <literal>0777</literal>, meaning
        anyone can connect. Reasonable alternatives are
        <literal>0770</literal> (only user and group, see also
        <varname>unix_socket_group</varname>) and <literal>0700</literal>
        (only user). (Note that for a Unix-domain socket, only write
        permission matters and so there is no point in setting or revoking
        read or execute permissions.)
       </para>

       <para>
        This access control mechanism is independent of the one
        described in <xref linkend="client-authentication">.
       </para>

       <para>
        This option can only be set at server start.
       </para>
      </listitem>
     </varlistentry>
     
     <varlistentry id="guc-bonjour-name" xreflabel="bonjour_name">
      <term><varname>bonjour_name</varname> (<type>string</type>)</term>
      <indexterm>
       <primary><varname>bonjour_name</> configuration parameter</primary>
      </indexterm>
      <listitem>
       <para>
        Specifies the <productname>Bonjour</productname> broadcast
        name.  By default, the computer name is used, specified as an
        empty string ''.  This option is ignored if the server was not
        compiled with <productname>Bonjour</productname> support.  This
        option can only be set at server start.
       </para>
      </listitem>
     </varlistentry>
     
     <varlistentry id="guc-tcp-keepalives-idle" xreflabel="tcp_keepalives_idle">
      <term><varname>tcp_keepalives_idle</varname> (<type>integer</type>)</term>
      <indexterm>
       <primary><varname>tcp_keepalives_idle</> configuration parameter</primary>
      </indexterm>
      <listitem>
       <para>
        On systems that support the <symbol>TCP_KEEPIDLE</symbol> socket option, specifies the
        number of seconds between sending keepalives on an otherwise idle
        connection. A value of 0 uses the system default. If <symbol>TCP_KEEPIDLE</symbol> is
        not supported, this parameter must be 0. This option is ignored for
        connections made via a Unix-domain socket.
       </para>
      </listitem>
     </varlistentry>
     
     <varlistentry id="guc-tcp-keepalives-interval" xreflabel="tcp_keepalives_interval">
      <term><varname>tcp_keepalives_interval</varname> (<type>integer</type>)</term>
      <indexterm>
       <primary><varname>tcp_keepalives_interval</> configuration parameter</primary>
      </indexterm>
      <listitem>
       <para>
        On systems that support the <symbol>TCP_KEEPINTVL</symbol> socket option, specifies how
        long, in seconds, to wait for a response to a keepalive before
        retransmitting. A value of 0 uses the system default. If <symbol>TCP_KEEPINTVL</symbol>
        is not supported, this parameter must be 0. This option is ignored
        for connections made via a Unix-domain socket.
       </para>
      </listitem>
     </varlistentry>
     
     <varlistentry id="guc-tcp-keepalives-count" xreflabel="tcp_keepalives_count">
      <term><varname>tcp_keepalives_count</varname> (<type>integer</type>)</term>
      <indexterm>
       <primary><varname>tcp_keepalives_count</> configuration parameter</primary>
      </indexterm>
      <listitem>
       <para>
        On systems that support the <symbol>TCP_KEEPCNT</symbol> socket option, specifies how
        many keepalives may be lost before the connection is considered dead. 
        A value of 0 uses the system default. If <symbol>TCP_KEEPCNT</symbol> is not
        supported, this parameter must be 0. This option is ignored
        for connections made via a Unix-domain socket.
       </para>
      </listitem>
     </varlistentry>
     
     </variablelist>
     </sect2>
     <sect2 id="runtime-config-connection-security">
     <title>Security and Authentication</title>
     
     <variablelist>
     <varlistentry id="guc-authentication-timeout" xreflabel="authentication_timeout">
      <term><varname>authentication_timeout</varname> (<type>integer</type>)</term>
      <indexterm><primary>timeout</><secondary>client authentication</></indexterm>
      <indexterm><primary>client authentication</><secondary>timeout during</></indexterm>
      <indexterm>
       <primary><varname>authentication_timeout</> configuration parameter</primary>
      </indexterm>

      <listitem>
       <para>
        Maximum time to complete client authentication, in seconds. If a
        would-be client has not completed the authentication protocol in
        this much time, the server breaks the connection. This prevents
        hung clients from occupying a connection indefinitely. This
        option can be set at server start or in the
        <filename>postgresql.conf</filename> file. The default is 60.
       </para>
      </listitem>
     </varlistentry>
     
     <varlistentry id="guc-ssl" xreflabel="ssl">
      <term><varname>ssl</varname> (<type>boolean</type>)</term>
      <indexterm>
       <primary><varname>ssl</> configuration parameter</primary>
      </indexterm>
      <listitem>
       <para>
        Enables <acronym>SSL</> connections. Please read
        <xref linkend="ssl-tcp"> before using this. The default
        is <literal>off</>. This parameter can only be set at server
        start.
       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="guc-password-encryption" xreflabel="password_encryption">
      <term><varname>password_encryption</varname> (<type>boolean</type>)</term>
      <indexterm>
       <primary><varname>password_encryption</> configuration parameter</primary>
      </indexterm>
      <listitem>
       <para>
        When a password is specified in <xref
        linkend="sql-createuser" endterm="sql-createuser-title"> or
        <xref linkend="sql-alteruser" endterm="sql-alteruser-title">
        without writing either <literal>ENCRYPTED</> or
        <literal>UNENCRYPTED</>, this option determines whether the
        password is to be encrypted. The default is <literal>on</>
        (encrypt the password).
       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="guc-krb-server-keyfile" xreflabel="krb_server_keyfile">
      <term><varname>krb_server_keyfile</varname> (<type>string</type>)</term>
      <indexterm>
       <primary><varname>krb_server_keyfile</> configuration parameter</primary>
      </indexterm>
      <listitem>
       <para>
        Sets the location of the Kerberos server key file. See
        <xref linkend="kerberos-auth"> for details. This parameter
        can only be set at server start.
       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="guc-krb-srvname" xreflabel="krb_srvname">
      <term><varname>krb_srvname</varname> (<type>string</type>)</term>
      <indexterm>
       <primary><varname>krb_srvname</> configuration parameter</primary>
      </indexterm>
      <listitem>
       <para>
        Sets the Kerberos service name. See <xref linkend="kerberos-auth">
        for details.  This parameter can only be set at server start.
       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="guc-krb-server-hostname" xreflabel="krb_server_hostname">
      <term><varname>krb_server_hostname</varname> (<type>string</type>)</term>
      <indexterm>
       <primary><varname>krb_server_hostname</> configuration parameter</primary>
      </indexterm>
      <listitem>
       <para>
        Sets the host name part of the service principal.
        This, combined with <varname>krb_srvname</>, is used to generate
        the complete service principal, that is
        <varname>krb_srvname</><literal>/</><varname>krb_server_hostname</><literal>@</>REALM.
       </para>
       <para>
        If not set, the default is the server host name.  See <xref linkend="kerberos-auth">
        for details.  This parameter can only be set at server start.
       </para>
      </listitem>
     </varlistentry>

     <varlistentry id="guc-krb-caseins-users" xreflabel="krb_caseins_users">
      <term><varname>krb_caseins_users</varname> (<type>boolean</type>)</term>
      <indexterm>
       <primary><varname>krb_caseins_users</varname> configuration parameter</primary>
      </indexterm>
      <listitem>
       <para>
        Sets whether Kerberos user names should be treated case-insensitively.
        The default is <literal>off</> (case sensitive). This parameter
        can only be set at server start.
       </para>
      </listitem>