diff options
| author | Marc G. Fournier | 1998-01-26 01:42:53 +0000 |
|---|---|---|
| committer | Marc G. Fournier | 1998-01-26 01:42:53 +0000 |
| commit | d5bbe2aca55bc833e38c768d7f82c129b8b70c83 (patch) | |
| tree | 47f4e1ecb3277869bb276e5433df335d920d1baf /src/man/pgintro.1 | |
| parent | 91d983aa1140e3ae109684ff7c916583ed059e0e (diff) | |
From: Phil Thompson <phil@river-bank.demon.co.uk>
I've completed the patch to fix the protocol and authentication issues I
was discussing a couple of weeks ago. The particular changes are:
- the protocol has a version number
- network byte order is used throughout
- the pg_hba.conf file is used to specify what method is used to
authenticate a frontend (either password, ident, trust, reject, krb4
or krb5)
- support for multiplexed backends is removed
- appropriate changes to man pages
- the -a switch to many programs to specify an authentication service
no longer has any effect
- the libpq.so version number has changed to 1.1
The new backend still supports the old protocol so old interfaces won't
break.
Diffstat (limited to 'src/man/pgintro.1')
| -rw-r--r-- | src/man/pgintro.1 | 23 |
1 files changed, 6 insertions, 17 deletions
diff --git a/src/man/pgintro.1 b/src/man/pgintro.1 index 3a8becaf247..8801b6ed226 100644 --- a/src/man/pgintro.1 +++ b/src/man/pgintro.1 @@ -1,6 +1,6 @@ .\" This is -*-nroff-*- .\" XXX standard disclaimer belongs here.... -.\" $Header: /cvsroot/pgsql/src/man/Attic/pgintro.1,v 1.2 1998/01/11 22:17:50 momjian Exp $ +.\" $Header: /cvsroot/pgsql/src/man/Attic/pgintro.1,v 1.3 1998/01/26 01:42:50 scrappy Exp $ .TH PGINTRO UNIX 11/05/95 PostgreSQL PostgreSQL .SP INFORMATION UNIX 11/05/95 .BH "SECTION 2 - Unix COMMANDS (Unix)" @@ -105,26 +105,15 @@ conducted. If the Postgres system is built as distributed, access to the Internet TCP port of the .IR postmaster -process is available to anyone. However, Postgres offers optional -host-based authentication where only access from certain hosts are -allowed. Of course, host-based authentication is not fool-proof in +process is available to anyone. The DBA configures the pg_hba.conf file +in the PGDATA directory to specify what authentication system is to be used +according to the host making the connection and which database it is +connecting to. See pg_hba.conf(5) for a description of the authentication +systems available. Of course, host-based authentication is not fool-proof in Unix, either. It is possible for determined intruders to also masquerade the origination host. Those security issues are beyond the scope of Postgres. .PP -If greater security is desired, Postgres and its clients may be -modified to use a network authentication system. For example, the -.IR postmaster , -.IR psql -and the -.IR libpq -library have already been configured to use either Version 4 or Version 5 of -the -.IR Kerberos -authentication system from the Massachusetts Institute of Technology. -For more information on using -.IR Kerberos -with Postgres, see the appendix below. .SH "ACCESS CONTROL" Postgres provides mechanisms to allow users to limit the access to their data that is provided to other users. |