When configuring PostgreSQL for remote access, many administrators encounter the frustrating error:
LOG: invalid IP mask \"trust\": Name or service not known
CONTEXT: line 83 of configuration file \"/usr/local/pgsql-9.0.2/data/pg_hba.conf\"
FATAL: could not load pg_hba.conf
This occurs because the pg_hba.conf file expects a specific format for host-based authentication entries, and "trust" is being incorrectly interpreted as part of the IP address specification.
The proper format for a host entry in pg_hba.conf should be:
# TYPE DATABASE USER ADDRESS METHOD
host all all 192.168.1.100/32 trust
Notice two critical differences from the problematic configuration:
- The IP address is followed by a CIDR mask (like /32 for single host)
- The authentication method (trust) is properly separated from the IP specification
In your case, the line:
host all all **.**.***.* trust
Should be modified to (replace with your actual IP):
host all all 192.168.1.100/32 trust
Some variations that would also work:
# For an entire subnet
host all all 192.168.1.0/24 md5
# For a specific user and database
host salesdb salesuser 203.0.113.45/32 scram-sha-256
After fixing pg_hba.conf, ensure these configurations are set in postgresql.conf:
listen_addresses = '*'
port = 5432
Remember to reload PostgreSQL after changes:
# For systemd systems
sudo systemctl reload postgresql
# For traditional init systems
pg_ctl reload -D /usr/local/pgsql-9.0.2/data/
While "trust" authentication works for testing, in production you should use more secure methods:
# Recommended production setting
host all all 192.168.1.100/32 scram-sha-256
Always test connectivity after changes:
psql -h your_server_ip -U username -d dbname
When working with PostgreSQL 9.0.2 on Slackware 13.1x64, I encountered a critical authentication error when trying to configure remote access:
LOG: invalid IP mask \"trust\": Name or service not known
CONTEXT: line 83 of configuration file \"/usr/local/pgsql-9.0.2/data/pg_hba.conf\"
FATAL: could not load pg_hba.confThe issue stems from a common misunderstanding of the pg_hba.conf file structure. The correct format for host-based authentication is:
host DATABASE USER ADDRESS METHODThe problematic line in my configuration was:
host all all **.**.***.* trustHere's what's wrong:
1. The IP address (**.**.***.*) is incomplete without its CIDR mask
2. The authentication method (trust) is being incorrectly interpreted as part of the IP address specification
For single IP access with trust authentication:
host all all 192.168.1.100/32 trustFor an entire subnet with md5 authentication:
host all all 192.168.1.0/24 md5Here are frequently used CIDR mask values:
/32 - Single host (exact IP)
/24 - Class C network (254 hosts)
/16 - Class B network (65,534 hosts)
/8 - Class A network (16,777,214 hosts)After making changes, always reload PostgreSQL:
# For systemd systems:
sudo systemctl reload postgresql
# For init.d systems:
sudo /etc/init.d/postgresql reloadIf you still face issues:
- Check PostgreSQL logs:
/var/log/postgresql/postgresql-9.0-main.log - Verify file permissions:
chmod 600 pg_hba.conf - Test connectivity:
psql -h hostname -U username -d dbname
For more complex setups using IPv6:
host all all ::1/128 trust
hostssl all all ::/0 md5While 'trust' authentication is simple, consider these more secure alternatives:
md5 - Password authentication
scram-sha-256 - Strong encryption (PostgreSQL 10+)
cert - SSL certificate authentication