Help Center/ GaussDB/ User Guide/ Database Use/ Authentication Configurations/ Viewing the Modification History of Client Authentication Configurations
Updated on 2025-09-05 GMT+08:00
View PDF
Share

Viewing the Modification History of Client Authentication Configurations

Scenarios

You can view the modification history of client authentication configurations.

Constraints

Only the modification history from the past month is available for review.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner and select a region and project.
  3. Click in the upper left corner of the page and choose Databases > GaussDB.
  4. On the Instances page, click the name of the target instance to go to the Basic Information page.
  5. In the navigation pane, choose Database Management > Client Authentication.
  6. Click the Configuration History tab. On the displayed page, locate the record you want to check and click to view the modification details.

    Figure 1 Configuration History

    Table 1 Parameter description

    Parameter

    Description

    Time

    Time when client authentication configurations are modified.

    Status

    Status of the modification.

    • Successful
    • Failed

    Failure Cause

    The reason for failure when the modification status is Failed.

    TYPE

    Client connection type.

    • host: The DB instance accepts both standard TCP/IP socket connections and SSL-encrypted TCP/IP socket connections.
    • hostssl: The DB instance only accepts SSL-encrypted TCP/IP socket connections.
    • hostnossl: The DB instance only accepts standard TCP/IP socket connections.

    DATABASE

    Databases that can be accessed.

    • all: The rule matches all databases.
    • A specific database name or a list of databases
      NOTE:
      • The value replication matches requests for replication connections, which are not associated with any specific database. If you intend to access a database named replication, you must explicitly specify "replication" as the database name in the Database column.

    USER

    Users who are allowed to access the databases.

    • all: The record matches all users.
    • A specific database username or a list of users

    ADDRESS

    Allowed IP address range.

    • Currently, only the IP address/mask length format is supported.
    • For instances with a DB engine version of V2.0-8.1.0 or later, IPv6 addresses are also supported in the Address column.

    METHOD

    Authentication method used for connection.

    • reject: A connection is rejected unconditionally. It is commonly used to block certain hosts.
    • md5: MD5 is used for authentication. This method is considered insecure and is not recommended. It is disabled by default. To enable it, modify the password_encryption_type parameter. For details about how to modify the parameter, see Modifying Instance Parameters.
    • sha256: The client is required to provide a password encrypted using the SHA-256 algorithm. During transmission, the password is combined with a salt (a server-provided random number) and processed using a one-way SHA-256 hash, enhancing security.
    • sm3: The client is required to provide a password encrypted using the SM3 algorithm. During transmission, the password is combined with a salt (a server-provided random number) and processed using a one-way SM3 hash, enhancing security.
    • cert: A client certificate is used for authentication. This method requires SSL configuration and a valid client SSL certificate. No password is required. The cert authentication method only supports rules with the hostssl client connection type.

Parent Topic: Authentication Configurations