The pghba.conf (Host-Based Authentication) file is the primary configuration file used to control client authentication. It contains records that specify which hosts are allowed to connect, to which databases, as which users, and using what authentication method. To configure the server to accept TCP/IP connections from specific IP addresses, you must add or modify entries in this file, specifying the allowed IP address or address range in the address field of a host type record.

A. postgresql.conf: This file sets global server parameters, such as listenaddresses to enable network listening, but it does not define rules for which specific client IPs can connect.

C. pgident.conf: This file is used to map external system usernames to PostgreSQL database usernames for ident and peer authentication; it does not control IP-based access.

D. recovery.conf: This file (used in PostgreSQL versions prior to 12) configures settings for standby servers and point-in-time recovery, not for managing client connection rules.

1. PostgreSQL 16 Official Documentation. (2023). Chapter 21. Client Authentication, Section 21.1. The pghba.conf File. The documentation states, "Client authentication is controlled by a configuration file, which traditionally is named pghba.conf... Each record specifies a connection type, a client IP address range (if relevant for the connection type), a database name, a user name, and the authentication method to be used for connections matching these parameters."

2. PostgreSQL 16 Official Documentation. (2023). Chapter 20. Server Configuration, Section 20.4.1. Connections and Authentication. This section clarifies the role of postgresql.conf parameters like listenaddresses in enabling network connections, distinguishing it from the access control function of pghba.conf.

3. PostgreSQL 16 Official Documentation. (2023). Chapter 21. Client Authentication, Section 21.2. User Name Maps. This section describes the purpose of pgident.conf as mapping operating-system user names to database user names, which is distinct from IP-based connection control.