Make the location of the Kerberos server key file run time configurable

(rather than compile time). For libpq, even when Kerberos support is compiled in, the default user name should still fall back to geteuid() if it can't be determined via the Kerberos system. A couple of fixes for string type configuration parameters, now that there is one.
author: Peter Eisentraut 2000-08-25 10:00:35 +0000
committer: Peter Eisentraut 2000-08-25 10:00:35 +0000
commit: 996832caeec19ed43fdc36db33ae7ee48e348662 (patch)
tree: 737895a8d87f1c4d289dba6db7c12a5d43b02489 /doc/src
parent: 69cf335687eb47e80e56aee7804bf0c2c3facec8 (diff)
3 files changed, 23 insertions, 25 deletions
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index f22b0af662f..31d910b302a 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -1,4 +1,4 @@
-<!-- $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.3 2000/07/15 21:35:47 petere Exp $ -->
+<!-- $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.4 2000/08/25 10:00:29 petere Exp $ -->
 
 <chapter id="client-authentication">
  <title>Client Authentication</title>
@@ -341,7 +341,7 @@ host    all     192.168.2.0     255.255.255.0           ident othermap
 
   </sect2>
 
-  <sect2>
+  <sect2 id="kerberos-auth">
    <title>Kerberos authentication</title>
 
    <para>
@@ -369,13 +369,15 @@ host    all     192.168.2.0     255.255.255.0           ident othermap
     <productname>Postgres</> should operate like a normal Kerberos
     service. The name of the service principal is normally
     <literal>postgres</literal>, unless it was changed during the
-    build. Make sure that your server keytab file is readable (and
+    build. Make sure that your server key file is readable (and
     preferrably only readable) by the Postgres server account (see
-    <xref linkend="postgres-user">). The location of the keytab file
-    is specified at build time; by default it is
-    <filename>/etc/srvtab</filename> in Kerberos 4 and
-    <filename>FILE:/usr/local/pgsql/etc/krb5.keytab</filename> in
-    Kerberos 5.
+    <xref linkend="postgres-user">). The location of the key file
+    is specified with the <varname>krb_server_keyfile</> run time
+    configuration parameter. (See also <xref linkend="runtime-config">.)
+    The default is <filename>/etc/srvtab</> if you are using Kerberos 4
+    and <filename>FILE:/usr/local/pgsql/etc/krb5.keytab</> (or whichever
+    directory was specified as <varname>sysconfdir</> at build time)
+    with Kerberos 5.
    </para>
 
    <para>
diff --git a/doc/src/sgml/installation.sgml b/doc/src/sgml/installation.sgml
index 63c8dfc1892..62ac008083a 100644
--- a/doc/src/sgml/installation.sgml
+++ b/doc/src/sgml/installation.sgml
@@ -1,4 +1,4 @@
-<!-- $Header: /cvsroot/pgsql/doc/src/sgml/installation.sgml,v 1.13 2000/07/22 14:48:01 petere Exp $ -->
+<!-- $Header: /cvsroot/pgsql/doc/src/sgml/installation.sgml,v 1.14 2000/08/25 10:00:29 petere Exp $ -->
 
 <chapter id="installation">
  <title><![%flattext-install-include[<productname>PostgreSQL</> ]]>Installation Instructions</title>
@@ -578,26 +578,12 @@ su - postgres
       </varlistentry>
 
       <varlistentry>
-       <term>--with-krb-srvtab=<replaceable>FILE</></term>
-       <listitem>
-        <para>
-         Specifies the location of the Kerberos server shared key file
-         (<quote>srvtab</>). If you are using Kerberos 4, this
-         defaults to <filename>/etc/srvtab</>, with Kerberos 5 to
-         <filename>FILE:/usr/local/pgsql/etc/krb5.keytab</>, or
-         equivalent, depending on what you set <option>--sysconfdir</>
-         to above.
-        </para>
-       </listitem>
-      </varlistentry>
-
-      <varlistentry>
        <term>--enable-syslog</term>
        <listitem>
         <para>
          Enables the <productname>PostgreSQL</> server to use the
          syslog logging facility. (Using this option does not mean
-         that you have to log with syslog or even that it will be done
+         that you will have to log with syslog or even that it will be done
          by default, it simply makes it possible to turn this option
          on at run time.)
         </para>
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index ada29b5b601..c7654c5d732 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.18 2000/08/11 18:31:06 tgl Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.19 2000/08/25 10:00:29 petere Exp $
 -->
 
 <Chapter Id="runtime">
@@ -899,6 +899,16 @@ env PGOPTIONS='--geqo=off' psql
      </varlistentry>
 
      <varlistentry>
+      <term>KRB_SERVER_KEYFILE</>
+      <listitem>
+       <para>
+        Sets the location of the Kerberos server key file. See
+        <xref linkend="kerberos-auth"> for details.
+       </para>
+      </listitem>
+     </varlistentry>
+
+     <varlistentry>
       <term>MAX_CONNECTIONS (<type>integer</type>)</term>
       <listitem>
        <para>
author	Peter Eisentraut	2000-08-25 10:00:35 +0000
committer	Peter Eisentraut	2000-08-25 10:00:35 +0000
commit	996832caeec19ed43fdc36db33ae7ee48e348662 (patch)
tree	737895a8d87f1c4d289dba6db7c12a5d43b02489 /doc/src
parent	69cf335687eb47e80e56aee7804bf0c2c3facec8 (diff)