From c346ca8648290d2c7d858d903180b321e68c2f5c Mon Sep 17 00:00:00 2001
From: Bruce Momjian <bruce@momjian.us>
Date: Sat, 13 Sep 2003 16:43:38 +0000
Subject: [PATCH] When I sent in the sslmode patch I forgot to update the
 comments/examples in pg_hba.conf. This patch remedies that, adds a brief
 explanation of the connection types, and adds a missing period in the docs.

Jon Jensen
---
 doc/src/sgml/client-auth.sgml        |  4 ++--
 src/backend/libpq/pg_hba.conf.sample | 17 +++++++++++------
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index 23d90e9d4f..445b8f4c35 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.58 2003/09/12 22:17:22 tgl Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.59 2003/09/13 16:43:38 momjian Exp $
 -->
 
 <chapter id="client-authentication">
@@ -102,7 +102,7 @@ hostnossl  <replaceable>database</replaceable>  <replaceable>user</replaceable>
       <para>
        This record matches connection attempts using Unix-domain
        sockets.  Without a record of this type, Unix-domain socket
-       connections are disallowed
+       connections are disallowed.
       </para>
      </listitem>
     </varlistentry>
diff --git a/src/backend/libpq/pg_hba.conf.sample b/src/backend/libpq/pg_hba.conf.sample
index 946e573ddc..f4f002b707 100644
--- a/src/backend/libpq/pg_hba.conf.sample
+++ b/src/backend/libpq/pg_hba.conf.sample
@@ -7,15 +7,20 @@
 #
 # This file controls: which hosts are allowed to connect, how clients
 # are authenticated, which PostgreSQL user names they can use, which
-# databases they can access.  Records take one of five forms:
+# databases they can access.  Records take one of seven forms:
 #
-# local    DATABASE  USER  METHOD  [OPTION]
-# host     DATABASE  USER  IP-ADDRESS  IP-MASK   METHOD  [OPTION]
-# hostssl  DATABASE  USER  IP-ADDRESS  IP-MASK   METHOD  [OPTION]
-# host     DATABASE  USER  IP-ADDRESS/CIDR-MASK  METHOD  [OPTION]
-# hostssl  DATABASE  USER  IP-ADDRESS/CIDR-MASK  METHOD  [OPTION]
+# local      DATABASE  USER  METHOD  [OPTION]
+# host       DATABASE  USER  IP-ADDRESS  IP-MASK   METHOD  [OPTION]
+# hostssl    DATABASE  USER  IP-ADDRESS  IP-MASK   METHOD  [OPTION]
+# hostnossl  DATABASE  USER  IP-ADDRESS  IP-MASK   METHOD  [OPTION]
+# host       DATABASE  USER  IP-ADDRESS/CIDR-MASK  METHOD  [OPTION]
+# hostssl    DATABASE  USER  IP-ADDRESS/CIDR-MASK  METHOD  [OPTION]
+# hostnossl  DATABASE  USER  IP-ADDRESS/CIDR-MASK  METHOD  [OPTION]
 #
 # (The uppercase quantities should be replaced by actual values.)
+# The first field is the connection type: "local" is a Unix-domain socket,
+# "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an
+# SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket.
 # DATABASE can be "all", "sameuser", "samegroup", a database name (or
 # a comma-separated list thereof), or a file name prefixed with "@".
 # USER can be "all", an actual user name or a group name prefixed with