|
1 | 1 | <!-- |
2 | | -$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.84 2005/10/24 15:38:36 momjian Exp $ |
| 2 | +$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.85 2005/10/24 15:49:54 momjian Exp $ |
3 | 3 | --> |
4 | 4 |
|
5 | 5 | <chapter id="client-authentication"> |
@@ -319,11 +319,16 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable> |
319 | 319 | <varlistentry> |
320 | 320 | <term><literal>crypt</></term> |
321 | 321 | <listitem> |
| 322 | + <note> |
| 323 | + <para> |
| 324 | + This option is recommended only for communicating with pre-7.2 |
| 325 | + clients. |
| 326 | + </para> |
| 327 | + </note> |
322 | 328 | <para> |
323 | 329 | Require the client to supply a <function>crypt()</>-encrypted |
324 | 330 | password for authentication. |
325 | | - <literal>md5</literal> is preferred for 7.2 and later clients, |
326 | | - but pre-7.2 clients only support <literal>crypt</>. |
| 331 | + <literal>md5</literal> is now recommended over <literal>crypt</>. |
327 | 332 | See <xref linkend="auth-password"> for details. |
328 | 333 | </para> |
329 | 334 | </listitem> |
@@ -589,8 +594,8 @@ local db1,db2,@demodbs all md5 |
589 | 594 | <para> |
590 | 595 | If you are at all concerned about password |
591 | 596 | <quote>sniffing</> attacks then <literal>md5</> is preferred, with |
592 | | - <literal>crypt</>a second choice if you must support pre-7.2 |
593 | | - clients. Plain <literal>password</> shouldespeciallybe avoided for |
| 597 | + <literal>crypt</>to be used only if you must support pre-7.2 |
| 598 | + clients. Plain <literal>password</> should be avoided especially for |
594 | 599 | connections over the open Internet (unless you use <acronym>SSL</acronym>, |
595 | 600 | <acronym>SSH</>, or another |
596 | 601 | communications security wrapper around the connection). |
|