diff options
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/client-auth.sgml | 37 | ||||
| -rw-r--r-- | doc/src/sgml/protocol.sgml | 70 | ||||
| -rw-r--r-- | doc/src/sgml/user-manag.sgml | 6 |
3 files changed, 9 insertions, 104 deletions
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index 5a308eb8958..93482be6eab 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.109 2008/10/23 13:31:09 mha Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.110 2008/10/28 12:10:42 mha Exp $ --> <chapter id="client-authentication"> <title>Client Authentication</title> @@ -316,24 +316,6 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable> </varlistentry> <varlistentry> - <term><literal>crypt</></term> - <listitem> - <note> - <para> - This option is recommended only for communicating with pre-7.2 - clients. - </para> - </note> - <para> - Require the client to supply a <function>crypt()</>-encrypted - password for authentication. - <literal>md5</literal> is now recommended over <literal>crypt</>. - See <xref linkend="auth-password"> for details. - </para> - </listitem> - </varlistentry> - - <varlistentry> <term><literal>password</></term> <listitem> <para> @@ -705,30 +687,21 @@ omicron bryanh guest1 <primary>MD5</> </indexterm> <indexterm> - <primary>crypt</> - </indexterm> - <indexterm> <primary>password</primary> <secondary>authentication</secondary> </indexterm> <para> The password-based authentication methods are <literal>md5</>, - <literal>crypt</>, and <literal>password</>. These methods operate + and <literal>password</>. These methods operate similarly except for the way that the password is sent across the - connection: respectively, MD5-hashed, crypt-encrypted, and clear-text. - A limitation is that the <literal>crypt</> method does not work with - passwords that have been encrypted in <structname>pg_authid</structname>. + connection: respectively, MD5-hashed and clear-text. </para> <para> If you are at all concerned about password - <quote>sniffing</> attacks then <literal>md5</> is preferred, with - <literal>crypt</> to be used only if you must support pre-7.2 - clients. Plain <literal>password</> should be avoided especially for - connections over the open Internet (unless you use <acronym>SSL</acronym>, - <acronym>SSH</>, or another - communications security wrapper around the connection). + <quote>sniffing</> attacks then <literal>md5</> is preferred. + Plain <literal>password</> should always be avoided if possible. </para> <para> diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml index 0797812c000..c9a0c7abde7 100644 --- a/doc/src/sgml/protocol.sgml +++ b/doc/src/sgml/protocol.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.73 2008/02/08 18:18:05 tgl Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.74 2008/10/28 12:10:42 mha Exp $ --> <chapter id="protocol"> <title>Frontend/Backend Protocol</title> @@ -296,19 +296,6 @@ </varlistentry> <varlistentry> - <term>AuthenticationCryptPassword</term> - <listitem> - <para> - The frontend must now send a PasswordMessage containing the - password encrypted via crypt(3), using the 2-character salt - specified in the AuthenticationCryptPassword message. If - this is the correct password, the server responds with an - AuthenticationOk, otherwise it responds with an ErrorResponse. - </para> - </listitem> - </varlistentry> - - <varlistentry> <term>AuthenticationMD5Password</term> <listitem> <para> @@ -1533,61 +1520,6 @@ AuthenticationCleartextPassword (B) <varlistentry> <term> -AuthenticationCryptPassword (B) -</term> -<listitem> -<para> - -<variablelist> -<varlistentry> -<term> - Byte1('R') -</term> -<listitem> -<para> - Identifies the message as an authentication request. -</para> -</listitem> -</varlistentry> -<varlistentry> -<term> - Int32(10) -</term> -<listitem> -<para> - Length of message contents in bytes, including self. -</para> -</listitem> -</varlistentry> -<varlistentry> -<term> - Int32(4) -</term> -<listitem> -<para> - Specifies that a crypt()-encrypted password is required. -</para> -</listitem> -</varlistentry> -<varlistentry> -<term> - Byte2 -</term> -<listitem> -<para> - The salt to use when encrypting the password. -</para> -</listitem> -</varlistentry> -</variablelist> - -</para> -</listitem> -</varlistentry> - - -<varlistentry> -<term> AuthenticationMD5Password (B) </term> <listitem> diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml index d4d9fcc5150..7023c2c724a 100644 --- a/doc/src/sgml/user-manag.sgml +++ b/doc/src/sgml/user-manag.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/user-manag.sgml,v 1.40 2008/09/08 00:47:40 tgl Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/user-manag.sgml,v 1.41 2008/10/28 12:10:42 mha Exp $ --> <chapter id="user-manag"> <title>Database Roles and Privileges</title> @@ -215,8 +215,8 @@ CREATE USER <replaceable>name</replaceable>; <para> A password is only significant if the client authentication method requires the user to supply a password when connecting - to the database. The <option>password</>, - <option>md5</>, and <option>crypt</> authentication methods + to the database. The <option>password</> and + <option>md5</> authentication methods make use of passwords. Database passwords are separate from operating system passwords. Specify a password upon role creation with <literal>CREATE ROLE |