PostgreSQL Authentication Error: "FATAL: no pg_hba.conf entry for host"
search cancel

PostgreSQL Authentication Error: "FATAL: no pg_hba.conf entry for host"

book

Article ID: 397731

calendar_today

Updated On:

Products

VMware Tanzu Greenplum VMware Tanzu Data Suite VMware Tanzu Data Suite VMware Tanzu Greenplum / Gemfire

Issue/Introduction

When a PostgreSQL client receives the error message:

FATAL: no pg_hba.conf entry for host "xxx.xxx.xx.xx", user "xxx", database "xxx", SSL off

it indicates that PostgreSQL cannot find a matching authentication rule in pg_hba.conf for the connection attempt.

Common Causes

  1. Missing Entry: No rule exists for the specific host/user/database combination

  2. Rule Order Issues: Valid rule exists but appears after a more general rejection rule

  3. Incorrect Network Information: IP address or subnet mask is incorrect

  4. Configuration Not Reloaded: Changes to pg_hba.conf not applied with pg_reload_conf()

Hidden Cause: Invalid IP Address in Configuration

A critical but often overlooked cause is the presence of invalid IP addresses anywhere in pg_hba.conf. For example:

host all all 10.292.94.1/32 md5

Why this causes problems:

  • IP octets must be between 0-255; "292" exceeds this limit

  • PostgreSQL silently rejects the invalid entry and may invalidate the entire configuration

  • New entries added to pg_hba.conf become ineffective, even at the beginning of the file

  • gpstop -u or similar reload commands complete successfully with no error messages

  • The system continues to use old authentication rules

Resolution

Resolution

  1. Remove or correct any invalid IP addresses or subnet masks in pg_hba.conf

  2. Ensure all entries use proper syntax and spacing

  3. Reload PostgreSQL configuration:

    text
    SELECT pg_reload_conf();

    or

    text
    gpstop -u
Powered by Wolken Software