diff options
| author | Bruce Momjian | 2008-11-20 20:45:30 +0000 |
|---|---|---|
| committer | Bruce Momjian | 2008-11-20 20:45:30 +0000 |
| commit | 170b66a0c5ed7b1921fb6119f0668136fecc0a05 (patch) | |
| tree | 6969926a64c1bcba1959a988075d27837d116f5d /doc | |
| parent | 176961c1f14a5d0256c6b03548c065f5b5cbccd7 (diff) | |
Issue a proper error message when MD5 is attempted when
db_user_namespace is enabled.
Also document this limitation.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/src/sgml/client-auth.sgml | 4 | ||||
| -rw-r--r-- | doc/src/sgml/config.sgml | 13 |
2 files changed, 15 insertions, 2 deletions
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index f10a93953e1..4a8aea4d3a9 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.112 2008/11/20 11:48:26 mha Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.113 2008/11/20 20:45:29 momjian Exp $ --> <chapter id="client-authentication"> <title>Client Authentication</title> @@ -712,6 +712,8 @@ omicron bryanh guest1 If you are at all concerned about password <quote>sniffing</> attacks then <literal>md5</> is preferred. Plain <literal>password</> should always be avoided if possible. + <literal>md5</> cannot be used with <xref + linkend="guc-db-user-namespace">. </para> <para> diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index 7931ea87377..dcb7c51b25a 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.195 2008/11/11 02:42:31 tgl Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.196 2008/11/20 20:45:29 momjian Exp $ --> <chapter Id="runtime-config"> <title>Server Configuration</title> @@ -706,6 +706,17 @@ SET ENABLE_SEQSCAN TO OFF; before the user name is looked up by the server. </para> + <para> + <varname>db_user_namespace</> causes the client's and + server's user name representation to differ. + Authentication checks are always done with the server's user name + so authentication methods must be configured for the + server's user name, not the client's. Because + <literal>md5</> uses the user name as salt on both the + client and server, <literal>md5</> cannot be used with + <varname>db_user_namespace</>. + </para> + <note> <para> This feature is intended as a temporary measure until a |