I propose the attached patch to shake up the wording in the connection
type section of pg_hba.conf.sample a bit. After the hostgssenc part was
added on, the whole thing became a bit wordy, and it's also a bit
inaccurate, for example in that the current wording for "host" appears to
say that it does not apply to GSS-encrypted connections.
From dc64f4826c4dbf3bcd1cdadb1e9f351ce45f9074 Mon Sep 17 00:00:00 2001
From: Peter Eisentraut <pe...@eisentraut.org>
Date: Wed, 28 Apr 2021 07:46:48 +0200
Subject: [PATCH] pg_hba.conf.sample: Reword connection type section
---
src/backend/libpq/pg_hba.conf.sample | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/backend/libpq/pg_hba.conf.sample
b/src/backend/libpq/pg_hba.conf.sample
index b6de12b298..ead092ffab 100644
--- a/src/backend/libpq/pg_hba.conf.sample
+++ b/src/backend/libpq/pg_hba.conf.sample
@@ -18,12 +18,13 @@
#
# (The uppercase items must be replaced by actual values.)
#
-# The first field is the connection type: "local" is a Unix-domain
-# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
-# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
-# non-SSL TCP/IP socket. Similarly, "hostgssenc" uses a
-# GSSAPI-encrypted TCP/IP socket, while "hostnogssenc" uses a
-# non-GSSAPI socket.
+# The first field is the connection type:
+# - "local" is a Unix-domain socket
+# - "host" is a TCP/IP socket (encrypted or not)
+# - "hostssl" is an SSL-encrypted TCP/IP socket
+# - "hostnossl" is a non-SSL TCP/IP socket
+# - "hostgssenc" is a GSSAPI-encrypted TCP/IP socket
+# - "hostnogssenc" is a not GSSAPI-encrypted socket
#
# DATABASE can be "all", "sameuser", "samerole", "replication", a
# database name, or a comma-separated list thereof. The "all"
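Review bot: The added "hostnogssenc" entry is worded differently from its "hostnossl" counterpart two lines above it: it reads "is a not GSSAPI-encrypted socket", which is awkward and omits "TCP/IP", while every other host* entry in the new list says "TCP/IP socket". Suggest making the pair parallel, for example `# - "hostnogssenc" is a non-GSSAPI-encrypted TCP/IP socket`, or "a TCP/IP socket that is not GSSAPI-encrypted". Since the "host" entry now spells out "(encrypted or not)", it may also be worth stating the scope of the two negative entries just as plainly: "non-SSL" and "not GSSAPI-encrypted" each exclude only one kind of encryption. An administrator reading this list to decide which rule admits plaintext connections cannot tell that from the current wording.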
--
2.31.1