> pam_strerror() should be used a few more times, rather than just saying
> "Error!".  Also, the configure.in snippet seems wrong.  You add
> -I$pam_prefix/include/security to $INCLUDES and then you #include
> <security/pam_appl.h>.  This whole thing is probably unnecessary, since
> PAM is a system library on the systems where it exists, so the headers
> and libraries are found automatically, unlike OpenSSL and
> Kerberos.

See attached revised patch. (I'm sure the configure.in stuff can be done
right/better, I'm just not enough of a autoconf guru to know what to
change it to.)

Dominic J. Eidson

Allow pg_shadow to be MD5 encrypted.
Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user.
Add password_encryption postgresql.conf option.
Update wire protocol version to 2.1.

system supports SO_PEERCRED requests for Unix sockets.  This is an
amalgamation of patches submitted by Helge Bahmann and Oliver Elphick,
with some editorializing by yours truly.

documentation.

I hope I didn't mess the SGML up too bad, but somebody should definitly
look that over. I tried to steal as much as I could from around :-)

This patch updates:
* Installation instructions (paragraph on how to compile with openssl)
* Documentation of pg_hba.conf (added "hostssl" record docs)
* Libpq documentation (added connection option, documentation of
  PQgetssl() function)
* Add section on SSL to "Server Runtime Environment"

If you beleive any particular area needs more attention, please let me know.

//Magnus

documentation.

I hope I didn't mess the SGML up too bad, but somebody should definitly
look that over. I tried to steal as much as I could from around :-)

This patch updates:
* Installation instructions (paragraph on how to compile with openssl)
* Documentation of pg_hba.conf (added "hostssl" record docs)
* Libpq documentation (added connection option, documentation of
  PQgetssl() function)
* Add section on SSL to "Server Runtime Environment"

If you beleive any particular area needs more attention, please let me know.

//Magnus

(rather than compile time). For libpq, even when Kerberos support is
compiled in, the default user name should still fall back to geteuid()
if it can't be determined via the Kerberos system.

A couple of fixes for string type configuration parameters, now that there
is one.

files to restrict the set of users that can connect to a database
but can still use the pg_shadow password. (You just leave off the
password field in the secondary file.)

reference page to new configuration system. Big update to administrator's
guide, chapters Runtime environment, Client authentication, and User
management, the latter two were part of the old Security chapter.