diff options
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/client-auth.sgml | 10 | ||||
| -rw-r--r-- | doc/src/sgml/config.sgml | 17 |
2 files changed, 21 insertions, 6 deletions
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index b4a851588ea..9e3ab2440d9 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.101 2007/09/14 03:53:54 momjian Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.102 2007/11/09 17:31:07 mha Exp $ --> <chapter id="client-authentication"> <title>Client Authentication</title> @@ -773,10 +773,10 @@ local db1,db2,@demodbs all md5 <para> Client principals must have their <productname>PostgreSQL</> database user name as their first component, for example - <literal>pgusername/otherstuff@realm</>. At present the realm of - the client is not checked by <productname>PostgreSQL</>; so if you - have cross-realm authentication enabled, then any principal in any - realm that can communicate with yours will be accepted. + <literal>pgusername@realm</>. By default, the realm of the client is + not checked by <productname>PostgreSQL</>. If you have cross-realm + authentication enabled and need to verify the realm, use the + <xref linkend="guc-krb-realm"> parameter. </para> <para> diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index f070290f483..d8d8c4deb14 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.153 2007/11/05 17:35:38 momjian Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.154 2007/11/09 17:31:07 mha Exp $ --> <chapter Id="runtime-config"> <title>Server Configuration</title> @@ -601,6 +601,21 @@ SET ENABLE_SEQSCAN TO OFF; </listitem> </varlistentry> + <varlistentry id="guc-krb-realm" xreflabel="krb_realm"> + <term><varname>krb_realm</varname> (<type>string</type>)</term> + <indexterm> + <primary><varname>krb_realm</> configuration parameter</primary> + </indexterm> + <listitem> + <para> + Sets the realm to match Kerberos, GSSAPI and SSPI usernames against. + See <xref linkend="kerberos-auth">, <xref linkend="gssapi-auth"> or + <xref linkend="sspi-auth"> for details. This parameter can only be + set at server start. + </para> + </listitem> + </varlistentry> + <varlistentry id="guc-krb-server-keyfile" xreflabel="krb_server_keyfile"> <term><varname>krb_server_keyfile</varname> (<type>string</type>)</term> <indexterm> |