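--- a/pgsql/doc/src/sgml/client-auth.sgml
+++ b/pgsql/doc/src/sgml/client-auth.sgml
@@ -1,5 +1,5 @@
 <!--
- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.61 2003/11/29 19:51:36 pgsql Exp $
+ $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.62 2003/12/13 23:59:06 neilc Exp $
 -->
 
 <chapter id="client-authentication">
@@ -111,10 +111,13 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable>
  <term><literal>host</literal></term>
  <listitem>
  <para>
- This record matches connection attempts using TCP/IP networks .
+ This record matches connection attemptsmade using TCP/IP.
  Note that TCP/IP connections are disabled unless the server is
  started with the <option>-i</option> option or the
- <varname>tcpip_socket</> configuration parameter is enabled.
+ <varname>tcpip_socket</> configuration parameter is
+ enabled. <literal>host</literal> records match either
+ <acronym>SSL</acronym> or non-<acronym>SSL</acronym> connection
+ attempts.
  </para>
  </listitem>
  </varlistentry>
@@ -123,17 +126,17 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable>
  <term><literal>hostssl</literal></term>
  <listitem>
  <para>
- This record matches connection attempts using SSL over TCP/IP.
- <literal>host</literal> records will match either SSL or
- non-SSL connection attempts, but <literal>hostssl</literal>
- records require SSL connections.
+ This record matches connection attempts made using TCP/IP. In
+ addition, this record requires that the connection is made with
+ <acronym>SSL</acronym>.
  </para>
 
  <para>
- To make use of this option the server must be built
- with SSL support enabled. Furthermore, SSL must be enabled by
- enabling the <varname>ssl</varname> configuration parameter
- (see <xref linkend="runtime-config"> for more information).
+ To make use of this option the server must be built with
+ <acronym>SSL</acronym> support enabled. Furthermore,
+ <acronym>SSL</acronym> must be enabled by setting the
+ <varname>ssl</varname> configuration parameter (see <xref
+ linkend="ssl-tcp"> for more information).
  </para>
  </listitem>
  </varlistentry>
@@ -143,8 +146,8 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable>
  <listitem>
  <para>
  This record is similar to <literal>hostssl</> but with the
- opposite logic: itmatches onlyregular connection attemptsnot
- using SSL.
+ opposite logic: it onlymatches connection attemptsmade over
+ TCP/IP that do not use <acronym> SSL</acronym> .
  </para>
  </listitem>
  </varlistentry>
@@ -593,7 +596,7 @@ local db1,db2,@demodbs all md5
  <quote>sniffing</> attacks then <literal>md5</> is preferred, with
  <literal>crypt</> a second choice if you must support pre-7.2
  clients. Plain <literal>password</> should especially be avoided for
- connections over the open Internet (unless you use SSL, SSH, or
+ connections over the open Internet (unless you use<acronym> SSL</acronym> , SSH, or
  other communications security wrappers around the connection).
  </para>
 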