NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitf70866f

committed

SSPI authentication on Windows. GSSAPI compatible client when doing Kerberos

against a Unix server, and Windows-specific server-side authenticationusing SSPI "negotiate" method (Kerberos or NTLM).Only builds properly with MSVC for now.

1 parenta0dab33 commitf70866fCopy full SHA for f70866f

File tree

15 files changed

+708

-78

lines changed

doc/src/sgml
- client-auth.sgml
- libpq.sgml
src
- backend
  - libpq
  - postmaster
    - postmaster.c
- include/libpq
- interfaces/libpq
- tools/msvc
  - Mkvcbuild.pm
  - Solution.pm

15 files changed

+708

-78

lines changed

`‎doc/src/sgml/client-auth.sgml`

Lines changed: 39 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.99 2007/07/18 12:00:47 mha Exp $ -->`
	`1`	`+<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.100 2007/07/23 10:16:53 mha Exp $ -->`
`2`	`2`
`3`	`3`	`<chapter id="client-authentication">`
`4`	`4`	`<title>Client Authentication</title>`
`@@ -358,6 +358,17 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable>`
`358`	`358`	`</listitem>`
`359`	`359`	`</varlistentry>`
`360`	`360`
	`361`	`+ <varlistentry>`
	`362`	`+ <term><literal>sspi</></term>`
	`363`	`+ <listitem>`
	`364`	`+ <para>`
	`365`	`+ Use SSPI to authenticate the user. This is only`
	`366`	`+ available on Windows. See <xref`
	`367`	`+ linkend="sspi-auth"> for details.`
	`368`	`+ </para>`
	`369`	`+ </listitem>`
	`370`	`+ </varlistentry>`
	`371`	`+`
`361`	`372`	`<varlistentry>`
`362`	`373`	`<term><literal>krb5</></term>`
`363`	`374`	`<listitem>`
`@@ -677,6 +688,33 @@ local db1,db2,@demodbs all md5`
`677`	`688`
`678`	`689`	`</sect2>`
`679`	`690`
	`691`	`+ <sect2 id="sspi-auth">`
	`692`	`+ <title>SSPI authentication</title>`
	`693`	`+`
	`694`	`+ <indexterm zone="sspi-auth">`
	`695`	`+ <primary>SSPI</primary>`
	`696`	`+ </indexterm>`
	`697`	`+`
	`698`	`+ <para>`
	`699`	`+ <productname>SSPI</productname> is a <productname>Windows</productname>`
	`700`	`+ technology for secure authentication with single sign-on.`
	`701`	`+ <productname>PostgreSQL</productname> will use SSPI in`
	`702`	`+ <literal>negotiate</literal> mode, which will use`
	`703`	`+ <productname>Kerberos</productname> when possible and automatically`
	`704`	`+ fall back to <productname>NTLM</productname> in other cases.`
	`705`	`+ <productname>SSPI</productname> authentication only works when both`
	`706`	`+ server and client are running <productname>Windows</productname>.`
	`707`	`+ </para>`
	`708`	`+`
	`709`	`+ <para>`
	`710`	`+ When using <productname>Kerberos</productname> authentication,`
	`711`	`+ <productname>SSPI</productname> works the same way`
	`712`	`+ <productname>GSSAPI</productname> does. See <xref linkend="gssapi-auth">`
	`713`	`+ for details.`
	`714`	`+ </para>`
	`715`	`+`
	`716`	`+ </sect2>`
	`717`	`+`
`680`	`718`	`<sect2 id="kerberos-auth">`
`681`	`719`	`<title>Kerberos authentication</title>`
`682`	`720`

`‎doc/src/sgml/libpq.sgml`

Lines changed: 21 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.238 2007/07/18 12:00:47 mha Exp $ -->`
	`1`	`+<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.239 2007/07/23 10:16:53 mha Exp $ -->`
`2`	`2`
`3`	`3`	`<chapter id="libpq">`
`4`	`4`	`<title><application>libpq</application> - C Library</title>`
`@@ -290,6 +290,17 @@ PGconn PQconnectdb(const char conninfo);`
`290`	`290`	`</listitem>`
`291`	`291`	`</varlistentry>`
`292`	`292`
	`293`	`+ <varlistentry>`
	`294`	`+ <term><literal>gsslib</literal></term>`
	`295`	`+ <listitem>`
	`296`	`+ <para>`
	`297`	`+ GSS library to use for GSSAPI authentication. Only used on Windows.`
	`298`	`+ Set to <literal>gssapi</literal> to force libpq to use the GSSAPI`
	`299`	`+ library for authentication instead of the default SSPI.`
	`300`	`+ </para>`
	`301`	`+ </listitem>`
	`302`	`+ </varlistentry>`
	`303`	`+`
`293`	`304`	`<varlistentry>`
`294`	`305`	`<term><literal>service</literal></term>`
`295`	`306`	`<listitem>`
`@@ -4220,6 +4231,15 @@ authenticating with Kerberos 5 or GSSAPI.`
`4220`	`4231`	`</listitem>`
`4221`	`4232`	`<listitem>`
`4222`	`4233`	`<para>`
	`4234`	`+<indexterm>`
	`4235`	`+ <primary><envar>PGGSSLIB</envar></primary>`
	`4236`	`+</indexterm>`
	`4237`	`+<envar>PGGSSLIB</envar> sets the GSS library to use for GSSAPI`
	`4238`	`+authentication.`
	`4239`	`+</para>`
	`4240`	`+</listitem>`
	`4241`	`+<listitem>`
	`4242`	`+<para>`
`4223`	`4243`	`<indexterm>`
`4224`	`4244`	`<primary><envar>PGCONNECT_TIMEOUT</envar></primary>`
`4225`	`4245`	`</indexterm>`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitf70866f

File tree

15 files changed

15 files changed

`‎doc/src/sgml/client-auth.sgml`

`‎doc/src/sgml/libpq.sgml`

0 commit comments