From 819159709fe15e9270731a31b99d9767f499336c Mon Sep 17 00:00:00 2001
From: Bruce Momjian
Date: Mon, 24 Oct 2005 15:38:37 +0000
Subject: I have applied the following patch to document PQinitSSL() and
 PQregisterThreadLock().

I also remove the crypt() mention in the libpq threading section and
added a single sentence in the client-auth manual page under crypt().
Crypt authentication is so old now that a separate paragraph about it
seemed unwise.

I also added a comment about our use of locking around pqGetpwuid().
---
 doc/src/sgml/client-auth.sgml |  3 ++-
 doc/src/sgml/libpq.sgml       | 23 ++++++++++++++++-------
 2 files changed, 18 insertions(+), 8 deletions(-)

(limited to 'doc/src')

diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index 527676fd626..a82b79bd7dd 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.83 2005/08/14 23:35:37 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.84 2005/10/24 15:38:36 momjian Exp $
 -->
 
 <chapter id="client-authentication">
@@ -337,6 +337,7 @@ hostnossl  <replaceable>database</replaceable>  <replaceable>user</replaceable>
           authentication.
           Since the password is sent in clear text over the
           network, this should not be used on untrusted networks.
+          It also does not usually work with threaded client applications.
           See <xref linkend="auth-password"> for details.
          </para>
         </listitem>
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index 63fb3ab4192..31980e9017f 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.196 2005/10/20 23:57:51 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.197 2005/10/24 15:38:36 momjian Exp $
 -->
 
  <chapter id="libpq">
@@ -4032,6 +4032,15 @@ however.)
    fail if the server does not present a certificate; therefore, to
    use this feature the server must also have a <filename>root.crt</> file.
   </para>
+
+  <para>
+   If you are using <acronym>SSL</> inside your application (in addition to
+   inside <application>libpq</application>), you can use <function>PQinitSSL(int)</>
+   to tell <application>libpq</application> that the <acronym>SSL</> library
+   has already been initialized by your application.
+  </para>
+
+
 </sect1>
 
 
@@ -4081,12 +4090,12 @@ are not thread-safe and should not be used in multithread programs.
 </para>
 
 <para>
-<application>libpq</application> applications that use the
-<literal>crypt</literal> authentication method rely on the
-<literal>crypt()</literal> operating system function, which is often
-not thread-safe.<indexterm><primary>crypt</><secondary>thread
-safety</></> It is better to use the <literal>md5</literal> method,
-which is thread-safe on all platforms.
+If you are using Kerberos inside your application (in addition to inside 
+<application>libpq</application>), you will need to do locking around 
+Kerberos calls because Kerberos functions are not thread-safe.  See 
+function <function>PQregisterThreadLock</> in the 
+<application>libpq</application> source code for a way to do cooperative 
+locking between <application>libpq</application> and your application.
 </para>
 
 <para>
-- 
cgit v1.2.3