Better document use of ident on localhost, per Tom Lane's idea.
This commit is contained in:
Bruce Momjian
parent
357d9bdce5
commit
461ea6b796
|
|
@ -1,4 +1,4 @@
|
|||
<!-- $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.11 2001/05/12 22:51:34 petere Exp $ -->
|
||||
<!-- $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.12 2001/07/11 20:32:10 momjian Exp $ -->
|
||||
|
||||
<chapter id="client-authentication">
|
||||
<title>Client Authentication</title>
|
||||
|
|
@ -242,7 +242,10 @@ hostssl <replaceable>database</replaceable> <replaceable>IP-address</replaceable
|
|||
of the connecting user. <productname>Postgres</productname>
|
||||
then verifies whether the so identified operating system user
|
||||
is allowed to connect as the database user that is requested.
|
||||
This is only available for TCP/IP connections.
|
||||
This is only available for TCP/IP connections. It can be used
|
||||
on the local machine by specifying the localhost address 127.0.0.1.
|
||||
</para>
|
||||
<para>
|
||||
The <replaceable>authentication option</replaceable> following
|
||||
the <literal>ident</> keyword specifies the name of an
|
||||
<firstterm>ident map</firstterm> that specifies which operating
|
||||
|
|
@ -553,7 +556,8 @@ host all 192.168.0.0 255.255.0.0 ident omicron
|
|||
<attribution>RFC 1413</attribution>
|
||||
<para>
|
||||
The Identification Protocol is not intended as an authorization
|
||||
or access control protocol.
|
||||
or access control protocol. You must trust the machine running the
|
||||
ident server.
|
||||
</para>
|
||||
</blockquote>
|
||||
</para>
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
#
|
||||
# PostgreSQL HOST-BASED ACCESS (HBA) CONTROL FILE
|
||||
# PostgreSQL HOST-BASED ACCESS (HBA) CONTROL FILE
|
||||
#
|
||||
#
|
||||
# This file controls:
|
||||
|
|
@ -101,9 +101,9 @@
|
|||
# be use only for machines where all users are truested.
|
||||
#
|
||||
# password: Authentication is done by matching a password supplied
|
||||
# in clear by the host. If no AUTH_ARGUMENT is used, the
|
||||
# password is compared with the user's entry in the
|
||||
# pg_shadow table.
|
||||
# in clear by the host. If no AUTH_ARGUMENT is used, the
|
||||
# password is compared with the user's entry in the
|
||||
# pg_shadow table.
|
||||
#
|
||||
# If AUTH_ARGUMENT is specified, the username is looked up
|
||||
# in that file in the $PGDATA directory. If the username
|
||||
|
|
@ -118,30 +118,30 @@
|
|||
# passwords.
|
||||
#
|
||||
# crypt: Same as "password", but authentication is done by
|
||||
# encrypting the password sent over the network. This is
|
||||
# always preferable to "password" except for old clients
|
||||
# that don't support "crypt". Also, crypt can use
|
||||
# usernames stored in secondary password files but not
|
||||
# secondary passwords.
|
||||
# encrypting the password sent over the network. This is
|
||||
# always preferable to "password" except for old clients
|
||||
# that don't support "crypt". Also, crypt can use
|
||||
# usernames stored in secondary password files but not
|
||||
# secondary passwords.
|
||||
#
|
||||
# ident: Authentication is done by the ident server on the local
|
||||
# or remote host. AUTH_ARGUMENT is required and maps names
|
||||
# found in the $PGDATA/pg_ident.conf file. The connection
|
||||
# is accepted if the file contains an entry for this map
|
||||
# name with the ident-supplied username and the requested
|
||||
# PostgreSQL username. The special map name "sameuser"
|
||||
# indicates an implied map (not in pg_ident.conf) that
|
||||
# maps each ident username to the identical PostgreSQL
|
||||
# ident: Authentication is done by the ident server on the local
|
||||
# (127.0.0.1) or remote host. AUTH_ARGUMENT is required and
|
||||
# maps names found in the $PGDATA/pg_ident.conf file. The
|
||||
# connection is accepted if the file contains an entry for
|
||||
# this map name with the ident-supplied username and the
|
||||
# requested PostgreSQL username. The special map name
|
||||
# "sameuser" indicates an implied map (not in pg_ident.conf)
|
||||
# that maps each ident username to the identical PostgreSQL
|
||||
# username.
|
||||
#
|
||||
# krb4: Kerberos V4 authentication is used.
|
||||
# krb4: Kerberos V4 authentication is used.
|
||||
#
|
||||
# krb5: Kerberos V5 authentication is used.
|
||||
# krb5: Kerberos V5 authentication is used.
|
||||
#
|
||||
# reject: Reject the connection. This is used to reject certain hosts
|
||||
# that are part of a network specified later in the file.
|
||||
# To be effective, "reject" must appear before the later
|
||||
# entries.
|
||||
# that are part of a network specified later in the file.
|
||||
# To be effective, "reject" must appear before the later
|
||||
# entries.
|
||||
#
|
||||
# Local UNIX-domain socket connections support only the AUTH_TYPEs of
|
||||
# "trust", "password", "crypt", and "reject".
|
||||
|
|
|
|||
Loading…
Reference in New Issue