Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
P
postgres-lambda-diff
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Container Registry
Model registry
Operate
Environments
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Jakob Huber
postgres-lambda-diff
Commits
461ea6b7
Commit
461ea6b7
authored
23 years ago
by
Bruce Momjian
Browse files
Options
Downloads
Patches
Plain Diff
Better document use of ident on localhost, per Tom Lane's idea.
parent
357d9bdc
No related branches found
Branches containing commit
No related tags found
Tags containing commit
No related merge requests found
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
doc/src/sgml/client-auth.sgml
+7
-3
7 additions, 3 deletions
doc/src/sgml/client-auth.sgml
src/backend/libpq/pg_hba.conf.sample
+23
-23
23 additions, 23 deletions
src/backend/libpq/pg_hba.conf.sample
with
30 additions
and
26 deletions
doc/src/sgml/client-auth.sgml
+
7
−
3
View file @
461ea6b7
<!-- $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.1
1
2001/0
5
/1
2
2
2:51:34 petere
Exp $ -->
<!-- $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.1
2
2001/0
7
/1
1
2
0:32:10 momjian
Exp $ -->
<chapter id="client-authentication">
<title>Client Authentication</title>
...
...
@@ -242,7 +242,10 @@ hostssl <replaceable>database</replaceable> <replaceable>IP-address</replaceable
of the connecting user. <productname>Postgres</productname>
then verifies whether the so identified operating system user
is allowed to connect as the database user that is requested.
This is only available for TCP/IP connections.
This is only available for TCP/IP connections. It can be used
on the local machine by specifying the localhost address 127.0.0.1.
</para>
<para>
The <replaceable>authentication option</replaceable> following
the <literal>ident</> keyword specifies the name of an
<firstterm>ident map</firstterm> that specifies which operating
...
...
@@ -553,7 +556,8 @@ host all 192.168.0.0 255.255.0.0 ident omicron
<attribution>RFC 1413</attribution>
<para>
The Identification Protocol is not intended as an authorization
or access control protocol.
or access control protocol. You must trust the machine running the
ident server.
</para>
</blockquote>
</para>
...
...
This diff is collapsed.
Click to expand it.
src/backend/libpq/pg_hba.conf.sample
+
23
−
23
View file @
461ea6b7
#
#
PostgreSQL HOST-BASED ACCESS (HBA) CONTROL FILE
#
PostgreSQL HOST-BASED ACCESS (HBA) CONTROL FILE
#
#
# This file controls:
...
...
@@ -101,9 +101,9 @@
# be use only for machines where all users are truested.
#
# password: Authentication is done by matching a password supplied
#
in clear by the host. If no AUTH_ARGUMENT is used, the
#
password is compared with the user's entry in the
#
pg_shadow table.
# in clear by the host. If no AUTH_ARGUMENT is used, the
# password is compared with the user's entry in the
# pg_shadow table.
#
# If AUTH_ARGUMENT is specified, the username is looked up
# in that file in the $PGDATA directory. If the username
...
...
@@ -118,30 +118,30 @@
# passwords.
#
# crypt: Same as "password", but authentication is done by
#
encrypting the password sent over the network. This is
#
always preferable to "password" except for old clients
#
that don't support "crypt". Also, crypt can use
#
usernames stored in secondary password files but not
#
secondary passwords.
#
# ident:
Authentication is done by the ident server on the local
#
or remote host. AUTH_ARGUMENT is required and
maps names
# found in the $PGDATA/pg_ident.conf file. The
connection
#
is accepted if the file contains an entry for
this map
#
name with the ident-supplied username and the
requested
#
PostgreSQL username. The special map name
"sameuser"
#
indicates an implied map (not in pg_ident.conf)
that
#
maps each ident username to the identical PostgreSQL
# encrypting the password sent over the network. This is
# always preferable to "password" except for old clients
# that don't support "crypt". Also, crypt can use
# usernames stored in secondary password files but not
# secondary passwords.
#
# ident:
Authentication is done by the ident server on the local
#
(127.0.0.1)
or remote host. AUTH_ARGUMENT is required and
#
maps names
found in the $PGDATA/pg_ident.conf file. The
#
connection
is accepted if the file contains an entry for
#
this map
name with the ident-supplied username and the
#
requested
PostgreSQL username. The special map name
#
"sameuser"
indicates an implied map (not in pg_ident.conf)
#
that
maps each ident username to the identical PostgreSQL
# username.
#
# krb4:
Kerberos V4 authentication is used.
# krb4: Kerberos V4 authentication is used.
#
# krb5:
Kerberos V5 authentication is used.
# krb5: Kerberos V5 authentication is used.
#
# reject: Reject the connection. This is used to reject certain hosts
#
that are part of a network specified later in the file.
#
To be effective, "reject" must appear before the later
#
entries.
# that are part of a network specified later in the file.
# To be effective, "reject" must appear before the later
# entries.
#
# Local UNIX-domain socket connections support only the AUTH_TYPEs of
# "trust", "password", "crypt", and "reject".
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
