"replication" are quoted in pg_hba.conf, they lose their special meaning.

doc change.

GSSAPI or Kerberos.

Ian Turner

the server.

Gets rid of a fairly ugly hack for Solaris, and also provides hostname
and IPV6 support.

Noted by Thom Brown.

to make it easier to use with tabs.

This includes two new kinds of postmaster processes, walsenders and
walreceiver. Walreceiver is responsible for connecting to the primary server
and streaming WAL to disk, while walsender runs in the primary server and
streams WAL from disk to the client.

Documentation still needs work, but the basics are there. We will probably
pull the replication section to a new chapter later on, as well as the
sections describing file-based replication. But let's do that as a separate
patch, so that it's easier to see what has been added/changed. This patch
also adds a new section to the chapter about FE/BE protocol, documenting the
protocol used by walsender/walreceivxer.

Bump catalog version because of two new functions,
pg_last_xlog_receive_location() and pg_last_xlog_replay_location(), for
monitoring the progress of replication.

Fujii Masao, with additional hacking by me

does a search for the user in the directory first, and then binds with
the DN found for this user.

This allows for LDAP logins in scenarios where the DN of the user cannot
be determined simply by prefix and suffix, such as the case where different
users are located in different containers.

The old way of authentication can be significantly faster, so it's kept
as an option.

Robert Fleming and Magnus Hagander

by enumerating the machine's IP interfaces to look for a match.

Stef Walter

their GUCs.

In passing, noted that the pg_hba options for krb5 authentication weren't
listed at all - so add this.

to pass the full username@realm string to the authentication instead of
just the username. This makes it possible to use pg_ident.conf to authenticate
users from multiple realms as different database users.

authentication options to be set in pg_hba.conf on a per-line basis, to
override the defaults set in postgresql.conf.

documentation.

db_user_namespace is enabled.

Also document this limitation.

database (only for SSL connections, obviously).

getpeerucred() function.

Author: Garick Hamlin <ghamlin@isc.upenn.edu>

This breaks compatibility with pre-7.2 versions.

* make LDAP use this instead of the hacky previous method to specify
  the DN to bind as
* make all auth options behave the same when they are not compiled
  into the server
* rename "ident maps" to "user name maps", and support them for all
  auth methods that provide an external username

This makes a backwards incompatible change in the format of pg_hba.conf
for the ident, PAM and LDAP authentication methods.

each connection. This makes it possible to catch errors in the pg_hba
file when it's being reloaded, instead of silently reloading a broken
file and failing only when a user tries to connect.

This patch also makes the "sameuser" argument to ident authentication
optional.

non-root.

Dhanaraj M

per discussions (a long time ago). Documentation only, we keep full
support in the code.

to validate the realm of the connecting user. By default
it's empty meaning no verification, which is the way
Kerberos authentication has traditionally worked in
PostgreSQL.

the problems non-root reading /etc/shadow.

against a Unix server, and Windows-specific server-side authentication
using SSPI "negotiate" method (Kerberos or NTLM).

Only builds properly with MSVC for now.

commas are often present in the URL.

Backpatch to 8.2.X.

Standard English uses "may", "can", and "might" in different ways:

        may - permission, "You may borrow my rake."

        can - ability, "I can lift that log."

        might - possibility, "It might rain today."

Unfortunately, in conversational English, their use is often mixed, as
in, "You may use this variable to do X", when in fact, "can" is a better
choice.  Similarly, "It may crash" is better stated, "It might crash".

Also update two error messages mentioned in the documenation to match.

or queries over the network.