Add note about deprecating krb5 authentication in favour of GSSAPI,

per discussions (a long time ago). Documentation only, we keep full
support in the code.

diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index af67642d456231f1b7c687e85c0b08d1133e3fa8..78c64046c40175e7c094a333c0281521a02f79d4 100644 (file)
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -722,6 +722,15 @@ local   db1,db2,@demodbs  all                         md5
     <primary>Kerberos</primary>
    </indexterm>
 
+   <note>
+    <para>
+     Native Kerberos authentication has been deprecated and should be used
+     only for backward compatibility. New and upgraded installations are
+     encouraged to use the industry-standard <productname>GSSAPI</productname>
+     authentication (see <xref linkend="gssapi-auth">) instead.
+    </para>
+   </note>
+
    <para>
     <productname>Kerberos</productname> is an industry-standard secure
     authentication system suitable for distributed computing over a public