diff options
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/client-auth.sgml | 18 | ||||
| -rw-r--r-- | doc/src/sgml/installation.sgml | 18 | ||||
| -rw-r--r-- | doc/src/sgml/runtime.sgml | 12 |
3 files changed, 23 insertions, 25 deletions
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index f22b0af662f..31d910b302a 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml @@ -1,4 +1,4 @@ -<!-- $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.3 2000/07/15 21:35:47 petere Exp $ --> +<!-- $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.4 2000/08/25 10:00:29 petere Exp $ --> <chapter id="client-authentication"> <title>Client Authentication</title> @@ -341,7 +341,7 @@ host all 192.168.2.0 255.255.255.0 ident othermap </sect2> - <sect2> + <sect2 id="kerberos-auth"> <title>Kerberos authentication</title> <para> @@ -369,13 +369,15 @@ host all 192.168.2.0 255.255.255.0 ident othermap <productname>Postgres</> should operate like a normal Kerberos service. The name of the service principal is normally <literal>postgres</literal>, unless it was changed during the - build. Make sure that your server keytab file is readable (and + build. Make sure that your server key file is readable (and preferrably only readable) by the Postgres server account (see - <xref linkend="postgres-user">). The location of the keytab file - is specified at build time; by default it is - <filename>/etc/srvtab</filename> in Kerberos 4 and - <filename>FILE:/usr/local/pgsql/etc/krb5.keytab</filename> in - Kerberos 5. + <xref linkend="postgres-user">). The location of the key file + is specified with the <varname>krb_server_keyfile</> run time + configuration parameter. (See also <xref linkend="runtime-config">.) + The default is <filename>/etc/srvtab</> if you are using Kerberos 4 + and <filename>FILE:/usr/local/pgsql/etc/krb5.keytab</> (or whichever + directory was specified as <varname>sysconfdir</> at build time) + with Kerberos 5. </para> <para> diff --git a/doc/src/sgml/installation.sgml b/doc/src/sgml/installation.sgml index 63c8dfc1892..62ac008083a 100644 --- a/doc/src/sgml/installation.sgml +++ b/doc/src/sgml/installation.sgml @@ -1,4 +1,4 @@ -<!-- $Header: /cvsroot/pgsql/doc/src/sgml/installation.sgml,v 1.13 2000/07/22 14:48:01 petere Exp $ --> +<!-- $Header: /cvsroot/pgsql/doc/src/sgml/installation.sgml,v 1.14 2000/08/25 10:00:29 petere Exp $ --> <chapter id="installation"> <title><![%flattext-install-include[<productname>PostgreSQL</> ]]>Installation Instructions</title> @@ -578,26 +578,12 @@ su - postgres </varlistentry> <varlistentry> - <term>--with-krb-srvtab=<replaceable>FILE</></term> - <listitem> - <para> - Specifies the location of the Kerberos server shared key file - (<quote>srvtab</>). If you are using Kerberos 4, this - defaults to <filename>/etc/srvtab</>, with Kerberos 5 to - <filename>FILE:/usr/local/pgsql/etc/krb5.keytab</>, or - equivalent, depending on what you set <option>--sysconfdir</> - to above. - </para> - </listitem> - </varlistentry> - - <varlistentry> <term>--enable-syslog</term> <listitem> <para> Enables the <productname>PostgreSQL</> server to use the syslog logging facility. (Using this option does not mean - that you have to log with syslog or even that it will be done + that you will have to log with syslog or even that it will be done by default, it simply makes it possible to turn this option on at run time.) </para> diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index ada29b5b601..c7654c5d732 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml @@ -1,5 +1,5 @@ <!-- -$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.18 2000/08/11 18:31:06 tgl Exp $ +$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.19 2000/08/25 10:00:29 petere Exp $ --> <Chapter Id="runtime"> @@ -899,6 +899,16 @@ env PGOPTIONS='--geqo=off' psql </varlistentry> <varlistentry> + <term>KRB_SERVER_KEYFILE</> + <listitem> + <para> + Sets the location of the Kerberos server key file. See + <xref linkend="kerberos-auth"> for details. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>MAX_CONNECTIONS (<type>integer</type>)</term> <listitem> <para> |