diff options
| -rw-r--r-- | doc/src/sgml/client-auth.sgml | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index e8de87743f3..46daf06173b 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml @@ -1,5 +1,5 @@ <!-- -$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.70.4.1 2005/01/23 00:37:12 momjian Exp $ +$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.70.4.2 2005/01/28 22:38:50 tgl Exp $ --> <chapter id="client-authentication"> @@ -709,7 +709,7 @@ local db1,db2,@demodbs all md5 <para> The ident authentication method works by obtaining the client's - operating system user name and determining the allowed database + operating system user name, then determining the allowed database user names using a map file that lists the permitted corresponding pairs of names. The determination of the client's user name is the security-critical point, and it works differently @@ -752,6 +752,15 @@ local db1,db2,@demodbs all md5 </para> </blockquote> </para> + + <para> + Some ident servers have a nonstandard option that causes the returned + user name to be encrypted, using a key that only the originating + machine's administrator knows. This option <emphasis>must not</> be + used when using the ident server with <productname>PostgreSQL</>, + since <productname>PostgreSQL</> does not have any way to decrypt the + returned string to determine the actual user name. + </para> </sect3> <sect3> |