rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
postgresql/src/backend/libpq
History
Magnus Hagander b09f930d2e Add hba parameter include_realm to krb5, gss and sspi authentication, used 
to pass the full username@realm string to the authentication instead of
just the username. This makes it possible to use pg_ident.conf to authenticate
users from multiple realms as different database users.
 		2009-01-07 13:09:21 +00:00
..
Makefile Refactor backend makefiles to remove lots of duplicate code 2008-02-19 10:30:09 +00:00
README.SSL Remove large parts of the old SSL readme, that consisted of a couple 2008-10-24 11:48:29 +00:00
auth.c Add hba parameter include_realm to krb5, gss and sspi authentication, used 2009-01-07 13:09:21 +00:00
be-fsstubs.c Update copyright for 2009. 2009-01-01 17:24:05 +00:00
be-secure.c Update copyright for 2009. 2009-01-01 17:24:05 +00:00
crypt.c Update copyright for 2009. 2009-01-01 17:24:05 +00:00
hba.c Add hba parameter include_realm to krb5, gss and sspi authentication, used 2009-01-07 13:09:21 +00:00
ip.c Update copyright for 2009. 2009-01-01 17:24:05 +00:00
md5.c Update copyright for 2009. 2009-01-01 17:24:05 +00:00
pg_hba.conf.sample Add support for using SSL client certificates to authenticate to the 2008-11-20 11:48:26 +00:00
pg_ident.conf.sample Support regular expressions in pg_ident.conf. 2008-11-28 14:26:58 +00:00
pqcomm.c Update copyright for 2009. 2009-01-01 17:24:05 +00:00
pqformat.c Update copyright for 2009. 2009-01-01 17:24:05 +00:00
pqsignal.c Update copyright for 2009. 2009-01-01 17:24:05 +00:00

README.SSL 

$PostgreSQL: pgsql/src/backend/libpq/README.SSL,v 1.7 2008/10/24 11:48:29 mha Exp $

SSL
===

>From the servers perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup
     




>From the clients perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------