11<!--
2- $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.51 2003/06/25 01:14:05 momjian Exp $
2+ $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.52 2003/06/25 01:20:50 momjian Exp $
33-->
44
55<chapter id="client-authentication">
@@ -83,11 +83,13 @@ $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.51 2003/06/25 01:14:05
8383 </para>
8484
8585 <para>
86- A record may have one of thethree formats
86+ A record may have one of thefive formats
8787<synopsis>
8888local <replaceable>database</replaceable> <replaceable>user</replaceable> <replaceable>authentication-method</replaceable> <optional><replaceable>authentication-option</replaceable></optional>
8989host <replaceable>database</replaceable> <replaceable>user</replaceable> <replaceable>IP-address</replaceable> <replaceable>IP-mask</replaceable> <replaceable>authentication-method</replaceable> <optional><replaceable>authentication-option</replaceable></optional>
9090hostssl <replaceable>database</replaceable> <replaceable>user</replaceable> <replaceable>IP-address</replaceable> <replaceable>IP-mask</replaceable> <replaceable>authentication-method</replaceable> <optional><replaceable>authentication-option</replaceable></optional>
91+ host <replaceable>database</replaceable> <replaceable>user</replaceable> <replaceable>IP-address</replaceable>/<replaceable>CIDR-mask</replaceable> <replaceable>authentication-method</replaceable> <optional><replaceable>authentication-option</replaceable></optional>
92+ hostssl <replaceable>database</replaceable> <replaceable>user</replaceable> <replaceable>IP-address</replaceable>/<replaceable>CIDR-mask</replaceable> <replaceable>authentication-method</replaceable> <optional><replaceable>authentication-option</replaceable></optional>
9193</synopsis>
9294 The meaning of the fields is as follows:
9395
@@ -176,7 +178,7 @@ hostssl <replaceable>database</replaceable> <replaceable>user</replaceable> <
176178 <term><replaceable>IP-mask</replaceable></term>
177179 <listitem>
178180 <para>
179- These two fields contain IP address/ mask values in standard
181+ These two fields contain IP address and mask values in standard
180182 dotted decimal notation. (IP addresses can only be specified
181183 numerically, not as domain or host names.) Taken together they
182184 specify the client machine IP addresses that this record
@@ -200,6 +202,34 @@ hostssl <replaceable>database</replaceable> <replaceable>user</replaceable> <
200202 </listitem>
201203 </varlistentry>
202204
205+ <varlistentry>
206+ <term><replaceable>CIDR-mask</replaceable></term>
207+ <listitem>
208+ <para>
209+ This is an integer specifying the number of significant bits
210+ to set in the mask, and is an alternative to using the
211+ <replaceable>IP-mask</replaceable> notation. The number must
212+ be between 0 and 32 (in the case of an IPv4 address) or 128
213+ (in the case of an IPv6 address) inclusive. 0 will match any
214+ address, while 32/128 will match only the exact host specified.
215+ The same matching logic is used as for a dotted notation
216+ <replaceable>IP-Mask</replaceable>.
217+ </para>
218+
219+ <para>
220+ There must be no white space between the <replaceable>IP-address</replaceable>
221+ and the <literal>/</literal> or the <literal>/</literal> and the
222+ <replaceable>CIDR-mask</replaceable>, or the file will not be parsed
223+ correctly.
224+ </para>
225+
226+ <para>
227+ This field only applies to <literal>host</literal> and
228+ <literal>hostssl</literal> records.
229+ </para>
230+ </listitem>
231+ </varlistentry>
232+
203233 <varlistentry>
204234 <term><replaceable>authentication-method</replaceable></term>
205235 <listitem>