11<!--
2- $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.35 2002/04/09 00:38:24 momjian Exp $
2+ $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.36 2002/08/16 04:48:16 momjian Exp $
33-->
44
55<chapter id="client-authentication">
@@ -29,8 +29,9 @@ $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.35 2002/04/09 00:38:24
2929
3030 <para>
3131 <productname>PostgreSQL</productname> offers a number of different
32- client authentication methods. The method to be used can be selected
33- on the basis of (client) host, database, and user.
32+ client authentication methods. The method used to authenticate a
33+ particular client connection can be selected on the basis of
34+ (client) host address, database, and user.
3435 </para>
3536
3637 <para>
@@ -56,8 +57,8 @@ $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.35 2002/04/09 00:38:24
5657 <filename>pg_hba.conf</filename> in the data directory, e.g.,
5758 <filename>/usr/local/pgsql/data/pg_hba.conf</filename>.
5859 (<acronym>HBA</> stands for host-based authentication.) A default
59- <filename>pg_hba.conf</filename> file is installed when the data area
60- is initialized by <command>initdb</command>.
60+ <filename>pg_hba.conf</filename> file is installed when the data
61+ directory is initialized by <command>initdb</command>.
6162 </para>
6263
6364 <para>
@@ -124,7 +125,7 @@ hostssl <replaceable>database</replaceable> <replaceable>user</replaceable> <rep
124125 enabled with the <option>-l</> option or equivalent configuration
125126 setting when the server is started. (Note: <literal>host</literal>
126127 records will match either SSL or non-SSL connection attempts, but
127- <literal>hostssl</literal> recordsrequires SSL connections.)
128+ <literal>hostssl</literal> recordsrequire SSL connections.)
128129 </para>
129130 </listitem>
130131 </varlistentry>
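Review bot: The added line 128 reads "recordsrequire", with no space between the two words, just as the removed line read "recordsrequires". If that is what the file contains, the verb agreement is fixed but the words are still run together; it should read "<literal>hostssl</literal> records require SSL connections."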
@@ -199,9 +200,11 @@ hostssl <replaceable>database</replaceable> <replaceable>user</replaceable> <rep
199200 <term><literal>trust</></term>
200201 <listitem>
201202 <para>
202- The connection is allowed unconditionally. This method allows
203- any user that has login access to the client host to connect as
204- any <productname>PostgreSQL</productname> user whatsoever.
203+ The connection is allowed unconditionally. This method
204+ allows anyone that can connect to the
205+ <productname>PostgreSQL</productname> database to login as
206+ any <productname>PostgreSQL</productname> user they like,
207+ without the need for a password.
205208 </para>
206209 </listitem>
207210 </varlistentry>
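Review bot: In the rewritten trust description (new lines 203-207), "to login as" uses the noun form where the verb "to log in as" is meant, and "anyone that" reads better as "anyone who". The new text also drops the old condition about login access to the client host and now says anyone who can connect may become any user, so the same paragraph should say that the host address, database and user fields of the matching pg_hba.conf record are what limit who can connect.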
@@ -222,7 +225,7 @@ hostssl <replaceable>database</replaceable> <replaceable>user</replaceable> <rep
222225 <para>
223226 Requires the client to supply an MD5 encrypted password for
224227 authentication. This is the only method that allows encrypted
225- passwords to be stored in pg_shadow.
228+ passwords to be stored in<structname> pg_shadow</structname> .
226229 </para>
227230 </listitem>
228231 </varlistentry>
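Review bot: The spacing around the new markup on line 228 looks misplaced: "stored in<structname> pg_shadow</structname> ." has the space inside the opening tag and another before the period. Suggest "stored in <structname>pg_shadow</structname>." so the rendered sentence has a space before the table name and none before the full stop.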
@@ -273,15 +276,17 @@ hostssl <replaceable>database</replaceable> <replaceable>user</replaceable> <rep
273276 <listitem>
274277 <para>
275278 For TCP/IP connections, authentication is done by contacting
276- the <firstterm>ident</firstterm> server on the client host.
277- This is only as secure as the client machine. You must specify
278- the map name after the 'ident' keyword. It determines how to
279- map remote user names to PostgreSQL user names. If you use
279+ the <firstterm>ident</firstterm> server on the client
280+ host. This is only as secure as the client machine. You must
281+ specify the map name after the 'ident' keyword. It
282+ determines how to map remote user names to
283+ <productname>PostgreSQL</productname> user names. If you use
280284 "sameuser", the user names are assumed to be identical. If
281285 not, the map name is looked up in the $PGDATA/pg_ident.conf
282286 file. The connection is accepted if that file contains an
283- entry for this map name with the ident-supplied user name and
284- the requested PostgreSQL user name.
287+ entry for this map name with the ident-supplied user name
288+ and the requested <productname>PostgreSQL</productname> user
289+ name.
285290 </para>
286291 <para>
287292 On machines that support unix-domain socket credentials
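Review bot: Markup in this paragraph is only partly normalized. The hunk wraps PostgreSQL in <productname> on lines 283 and 288, but 'ident' on line 281, "sameuser" on line 284 and $PGDATA/pg_ident.conf on line 285 are still plain quoted text. Since the paragraph is being rewrapped anyway, consider <literal>ident</literal>, <literal>sameuser</literal> and <filename>$PGDATA/pg_ident.conf</filename> so that keywords and paths are marked up the same way as elsewhere in the chapter.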
@@ -317,8 +322,8 @@ hostssl <replaceable>database</replaceable> <replaceable>user</replaceable> <rep
317322 <literal>postgresql</literal>. You can optionally supply you
318323 own service name after the <literal>pam</> keyword in the
319324 file. For more information about PAM, please read the <ulink
320- url="http://www.kernel.org/pub/linux/libs/pam/"><productname>L
321- inux-PAM</productname> Page</ulink> and the <ulink
325+ url="http://www.kernel.org/pub/linux/libs/pam/"><productname>Linux-PAM</>
326+ Page</ulink> and the <ulink
322327 url="http://www.sun.com/software/solaris/pam/"><systemitem
323328 class="osname">Solaris</> PAM Page</ulink>.
324329 </para>
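Review bot: The context line just above the change (new line 322) still reads "You can optionally supply you own service name"; "you" should be "your". This hunk already touches the same sentence group to repair the split Linux-PAM product name, so the typo can be fixed in the same change.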