NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit54fbd15

committed

Doc: add a short summary of available authentication methods.

The "auth-methods" <sect1> used to include descriptions of all ourauthentication methods. Commit56811e5 promoted its child <sect2>'sto <sect1>'s, which has advantages but also created some issues:* The auth-methods page itself is essentially empty/useless.* Links that pointed to "auth-methods" as a placeholder for allauth methods were rendered a bit nonsensical.* DocBook no longer provides a subsection table-of-contents here,which formerly was a useful if terse summary of available auth methods.To improve matters, add a handwritten list of all the auth methods.Per gripe from Dave Cramer. Back-patch to v11 where the previouscommit came in.Discussion:https://postgr.es/m/CADK3HH+xQLhcPgg=kWqfogtXGGZr-JdSo=x=WQC0PkAVyxUWyQ@mail.gmail.com

1 parent7cdcc74 commit54fbd15Copy full SHA for 54fbd15

File tree

1 file changed

+94

-1

lines changed

doc/src/sgml
- client-auth.sgml

1 file changed

+94

-1

lines changed

`‎doc/src/sgml/client-auth.sgml`

Lines changed: 94 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -911,8 +911,101 @@ omicron bryanh guest1`
`911`	`911`
`912`	`912`	`<sect1 id="auth-methods">`
`913`	`913`	`<title>Authentication Methods</title>`
	`914`	`+`
	`915`	`+ <para>`
	`916`	`+ <productname>PostgreSQL</productname> provides various methods for`
	`917`	`+ authenticating users:`
	`918`	`+`
	`919`	`+ <itemizedlist>`
	`920`	`+ <listitem>`
	`921`	`+ <para>`
	`922`	`+ <link linkend="auth-trust">Trust authentication</link>, which`
	`923`	`+ simply trusts that users are who they say they are.`
	`924`	`+ </para>`
	`925`	`+ </listitem>`
	`926`	`+ <listitem>`
	`927`	`+ <para>`
	`928`	`+ <link linkend="auth-password">Password authentication</link>, which`
	`929`	`+ requires that users send a password.`
	`930`	`+ </para>`
	`931`	`+ </listitem>`
	`932`	`+ <listitem>`
	`933`	`+ <para>`
	`934`	`+ <link linkend="gssapi-auth">GSSAPI authentication</link>, which`
	`935`	`+ relies on a GSSAPI-compatible security library. Typically this is`
	`936`	`+ used to access an authentication server such as a Kerberos or`
	`937`	`+ Microsoft Active Directory server.`
	`938`	`+ </para>`
	`939`	`+ </listitem>`
	`940`	`+ <listitem>`
	`941`	`+ <para>`
	`942`	`+ <link linkend="sspi-auth">SSPI authentication</link>, which`
	`943`	`+ uses a Windows-specific protocol similar to GSSAPI.`
	`944`	`+ </para>`
	`945`	`+ </listitem>`
	`946`	`+ <listitem>`
	`947`	`+ <para>`
	`948`	`+ <link linkend="auth-ident">Ident authentication</link>, which`
	`949`	`+ relies on an <quote>Identification Protocol</quote> (RFC 1413)`
	`950`	`+ service on the client's machine. (On local Unix-socket connections,`
	`951`	`+ this is treated as peer authentication.)`
	`952`	`+ </para>`
	`953`	`+ </listitem>`
	`954`	`+ <listitem>`
	`955`	`+ <para>`
	`956`	`+ <link linkend="auth-peer">Peer authentication</link>, which`
	`957`	`+ relies on operating system facilities to identify the process at the`
	`958`	`+ other end of a local connection. This is not supported for remote`
	`959`	`+ connections.`
	`960`	`+ </para>`
	`961`	`+ </listitem>`
	`962`	`+ <listitem>`
	`963`	`+ <para>`
	`964`	`+ <link linkend="auth-ldap">LDAP authentication</link>, which`
	`965`	`+ relies on an LDAP authentication server.`
	`966`	`+ </para>`
	`967`	`+ </listitem>`
	`968`	`+ <listitem>`
	`969`	`+ <para>`
	`970`	`+ <link linkend="auth-radius">RADIUS authentication</link>, which`
	`971`	`+ relies on a RADIUS authentication server.`
	`972`	`+ </para>`
	`973`	`+ </listitem>`
	`974`	`+ <listitem>`
	`975`	`+ <para>`
	`976`	`+ <link linkend="auth-cert">Certificate authentication</link>, which`
	`977`	`+ requires an SSL connection and authenticates users by checking the`
	`978`	`+ SSL certificate they send.`
	`979`	`+ </para>`
	`980`	`+ </listitem>`
	`981`	`+ <listitem>`
	`982`	`+ <para>`
	`983`	`+ <link linkend="auth-pam">PAM authentication</link>, which`
	`984`	`+ relies on a PAM (Pluggable Authentication Modules) library.`
	`985`	`+ </para>`
	`986`	`+ </listitem>`
	`987`	`+ <listitem>`
	`988`	`+ <para>`
	`989`	`+ <link linkend="auth-bsd">BSD authentication</link>, which`
	`990`	`+ relies on the BSD Authentication framework (currently available`
	`991`	`+ only on OpenBSD).`
	`992`	`+ </para>`
	`993`	`+ </listitem>`
	`994`	`+ </itemizedlist>`
	`995`	`+ </para>`
	`996`	`+`
	`997`	`+ <para>`
	`998`	`+ Peer authentication is usually recommendable for local connections,`
	`999`	`+ though trust authentication might be sufficient in some circumstances.`
	`1000`	`+ Password authentication is the easiest choice for remote connections.`
	`1001`	`+ All the other options require some kind of external security`
	`1002`	`+ infrastructure (usually an authentication server or a certificate`
	`1003`	`+ authority for issuing SSL certificates), or are platform-specific.`
	`1004`	`+ </para>`
	`1005`	`+`
`914`	`1006`	`<para>`
`915`		`- The following sections describe the authentication methods in more detail.`
	`1007`	`+ The following sections describe each of these authentication methods`
	`1008`	`+ in more detail.`
`916`	`1009`	`</para>`
`917`	`1010`	`</sect1>`
`918`	`1011`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit54fbd15

File tree

1 file changed

1 file changed

`‎doc/src/sgml/client-auth.sgml`

0 commit comments