Index: doc/src/sgml/client-auth.sgml
===================================================================
RCS file: /home/projects/pgsql/cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v
retrieving revision 1.11
diff -c -r1.11 client-auth.sgml
*** doc/src/sgml/client-auth.sgml 2001/05/12 22:51:34 1.11
--- doc/src/sgml/client-auth.sgml 2001/07/11 20:27:07
***************
*** 242,248 ****
of the connecting user. Postgres
then verifies whether the so identified operating system user
is allowed to connect as the database user that is requested.
! This is only available for TCP/IP connections.
The authentication option following
the ident keyword specifies the name of an
ident map that specifies which operating
--- 242,251 ----
of the connecting user. Postgres
then verifies whether the so identified operating system user
is allowed to connect as the database user that is requested.
! This is only available for TCP/IP connections. It can be used
! on the local machine by specifying the localhost address 127.0.0.1.
!
!
The authentication option following
the ident keyword specifies the name of an
ident map that specifies which operating
***************
*** 553,559 ****
RFC 1413
The Identification Protocol is not intended as an authorization
! or access control protocol.
--- 556,563 ----
RFC 1413
The Identification Protocol is not intended as an authorization
! or access control protocol. You must trust the machine running the
! ident server.
Index: src/backend/libpq/pg_hba.conf.sample
===================================================================
RCS file: /home/projects/pgsql/cvsroot/pgsql/src/backend/libpq/pg_hba.conf.sample,v
retrieving revision 1.19
diff -c -r1.19 pg_hba.conf.sample
*** src/backend/libpq/pg_hba.conf.sample 2001/07/11 19:36:36 1.19
--- src/backend/libpq/pg_hba.conf.sample 2001/07/11 20:27:08
***************
*** 1,5 ****
#
! # PostgreSQL HOST-BASED ACCESS (HBA) CONTROL FILE
#
#
# This file controls:
--- 1,5 ----
#
! # PostgreSQL HOST-BASED ACCESS (HBA) CONTROL FILE
#
#
# This file controls:
***************
*** 101,109 ****
# be use only for machines where all users are truested.
#
# password: Authentication is done by matching a password supplied
! # in clear by the host. If no AUTH_ARGUMENT is used, the
! # password is compared with the user's entry in the
! # pg_shadow table.
#
# If AUTH_ARGUMENT is specified, the username is looked up
# in that file in the $PGDATA directory. If the username
--- 101,109 ----
# be use only for machines where all users are truested.
#
# password: Authentication is done by matching a password supplied
! # in clear by the host. If no AUTH_ARGUMENT is used, the
! # password is compared with the user's entry in the
! # pg_shadow table.
#
# If AUTH_ARGUMENT is specified, the username is looked up
# in that file in the $PGDATA directory. If the username
***************
*** 118,147 ****
# passwords.
#
# crypt: Same as "password", but authentication is done by
! # encrypting the password sent over the network. This is
! # always preferable to "password" except for old clients
! # that don't support "crypt". Also, crypt can use
! # usernames stored in secondary password files but not
! # secondary passwords.
! #
! # ident: Authentication is done by the ident server on the local
! # or remote host. AUTH_ARGUMENT is required and maps names
! # found in the $PGDATA/pg_ident.conf file. The connection
! # is accepted if the file contains an entry for this map
! # name with the ident-supplied username and the requested
! # PostgreSQL username. The special map name "sameuser"
! # indicates an implied map (not in pg_ident.conf) that
! # maps each ident username to the identical PostgreSQL
# username.
#
! # krb4: Kerberos V4 authentication is used.
#
! # krb5: Kerberos V5 authentication is used.
#
# reject: Reject the connection. This is used to reject certain hosts
! # that are part of a network specified later in the file.
! # To be effective, "reject" must appear before the later
! # entries.
#
# Local UNIX-domain socket connections support only the AUTH_TYPEs of
# "trust", "password", "crypt", and "reject".
--- 118,147 ----
# passwords.
#
# crypt: Same as "password", but authentication is done by
! # encrypting the password sent over the network. This is
! # always preferable to "password" except for old clients
! # that don't support "crypt". Also, crypt can use
! # usernames stored in secondary password files but not
! # secondary passwords.
! #
! # ident: Authentication is done by the ident server on the local
! # (127.0.0.1) or remote host. AUTH_ARGUMENT is required and
! # maps names found in the $PGDATA/pg_ident.conf file. The
! # connection is accepted if the file contains an entry for
! # this map name with the ident-supplied username and the
! # requested PostgreSQL username. The special map name
! # "sameuser" indicates an implied map (not in pg_ident.conf)
! # that maps each ident username to the identical PostgreSQL
# username.
#
! # krb4: Kerberos V4 authentication is used.
#
! # krb5: Kerberos V5 authentication is used.
#
# reject: Reject the connection. This is used to reject certain hosts
! # that are part of a network specified later in the file.
! # To be effective, "reject" must appear before the later
! # entries.
#
# Local UNIX-domain socket connections support only the AUTH_TYPEs of
# "trust", "password", "crypt", and "reject".