|
1 | | -<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.68 2007/07/18 12:00:47 mha Exp $ --> |
| 1 | +<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.69 2007/12/03 13:40:11 mha Exp $ --> |
2 | 2 |
|
3 | 3 | <chapter id="protocol"> |
4 | 4 | <title>Frontend/Backend Protocol</title> |
|
230 | 230 | The server then sends an appropriate authentication request message, |
231 | 231 | to which the frontend must reply with an appropriate authentication |
232 | 232 | response message (such as a password). |
233 | | - For all authentication methods except GSSAPI, there is at most |
| 233 | + For all authentication methods except GSSAPI and SSPI, there is at most |
234 | 234 | one request and one response. In some methods, no response |
235 | 235 | at all is needed from the frontend, and so no authentication request |
236 | | - occurs. For GSSAPI, multiple iterations of packets may be needed to |
| 236 | + occurs. For GSSAPI and SSPI, multiple iterations of packets may be needed to |
237 | 237 | complete the authentication. |
238 | 238 | </para> |
239 | 239 |
|
|
344 | 344 | </listitem> |
345 | 345 | </varlistentry> |
346 | 346 |
|
| 347 | + <varlistentry> |
| 348 | + <term>AuthenticationSSPI</term> |
| 349 | + <listitem> |
| 350 | + <para> |
| 351 | + The frontend must now initiate a SSPI negotiation. The frontend |
| 352 | + will send a PasswordMessage with the first part of the SSPI |
| 353 | + data stream in response to this. If further messages are needed, |
| 354 | + the server will respond with AuthenticationGSSContinue. |
| 355 | + </para> |
| 356 | + </listitem> |
| 357 | + |
| 358 | + </varlistentry> |
347 | 359 | <varlistentry> |
348 | 360 | <term>AuthenticationGSSContinue</term> |
349 | 361 | <listitem> |
350 | 362 | <para> |
351 | 363 | This message contains the response data from the previous step |
352 | | - of GSSAPI negotiation (AuthenticationGSS or a previous |
353 | | - AuthenticationGSSContinue). If the GSSAPI data in this message |
| 364 | + of GSSAPI or SSPI negotiation (AuthenticationGSS, AuthenticationSSPI |
| 365 | + or a previous AuthenticationGSSContinue). If the GSSAPI |
| 366 | + or SSPI data in this message |
354 | 367 | indicates more data is needed to complete the authentication, |
355 | 368 | the frontend must send this data as another PasswordMessage. If |
356 | 369 | GSSAPI authentication is completed by this message, the server |
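Review bot: the context line at 369 still reads "GSSAPI authentication is completed by this message" although the sentences just above it in the AuthenticationGSSContinue entry were widened to "GSSAPI or SSPI", so the paragraph now covers SSPI for the continuation case but not for completion. Suggest changing that line to "GSSAPI or SSPI authentication is completed by this message" in the same commit. Two smaller points in the new AuthenticationSSPI entry: line 351 should read "an SSPI negotiation", and the empty line at 357 before the closing varlistentry tag can be dropped.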
@@ -1706,6 +1719,49 @@ AuthenticationGSS (B) |
1706 | 1719 | </varlistentry> |
1707 | 1720 |
|
1708 | 1721 |
|
| 1722 | +<varlistentry> |
| 1723 | +<term> |
| 1724 | +AuthenticationSSPI (B) |
| 1725 | +</term> |
| 1726 | +<listitem> |
| 1727 | +<para> |
| 1728 | + |
| 1729 | +<variablelist> |
| 1730 | +<varlistentry> |
| 1731 | +<term> |
| 1732 | + Byte1('R') |
| 1733 | +</term> |
| 1734 | +<listitem> |
| 1735 | +<para> |
| 1736 | + Identifies the message as an authentication request. |
| 1737 | +</para> |
| 1738 | +</listitem> |
| 1739 | +</varlistentry> |
| 1740 | +<varlistentry> |
| 1741 | +<term> |
| 1742 | + Int32(8) |
| 1743 | +</term> |
| 1744 | +<listitem> |
| 1745 | +<para> |
| 1746 | + Length of message contents in bytes, including self. |
| 1747 | +</para> |
| 1748 | +</listitem> |
| 1749 | +</varlistentry> |
| 1750 | +<varlistentry> |
| 1751 | +<term> |
| 1752 | + Int32(9) |
| 1753 | +</term> |
| 1754 | +<listitem> |
| 1755 | +<para> |
| 1756 | + Specifies that SSPI authentication is required. |
| 1757 | +</para> |
| 1758 | +</listitem> |
| 1759 | +</varlistentry> |
| 1760 | +</variablelist> |
| 1761 | + |
| 1762 | +</para> |
| 1763 | +</listitem> |
| 1764 | +</varlistentry> |
1709 | 1765 | <varlistentry> |
1710 | 1766 | <term> |
1711 | 1767 | AuthenticationGSSContinue (B) |
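Review bot: the new AuthenticationSSPI (B) format entry ends at the Int32(9) description on line 1756 without saying which message carries the rest of the exchange. The overview text added earlier in this patch states that the frontend replies with PasswordMessage and that further server data arrives as AuthenticationGSSContinue. A client author working from the format section alone, and dispatching on the Int32 code, has no hint that a message named GSSContinue belongs to an SSPI exchange. Suggest one extra sentence in the Int32(9) description pointing to AuthenticationGSSContinue.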
@@ -1750,7 +1806,7 @@ AuthenticationGSSContinue (B) |
1750 | 1806 | </term> |
1751 | 1807 | <listitem> |
1752 | 1808 | <para> |
1753 | | - GSSAPI authentication data. |
| 1809 | + GSSAPIor SSPIauthentication data. |
1754 | 1810 | </para> |
1755 | 1811 | </listitem> |
1756 | 1812 | </varlistentry> |
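Review bot: the added line at 1809 reads "GSSAPIor SSPIauthentication data." with the spaces around "or SSPI" missing. It should read "GSSAPI or SSPI authentication data." so the field description matches the wording used in the other hunks.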
|