diff options
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/client-auth.sgml | 40 | ||||
| -rw-r--r-- | doc/src/sgml/libpq.sgml | 22 |
2 files changed, 60 insertions, 2 deletions
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index e3fa1c8b27d..dd3bd8be4d4 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.99 2007/07/18 12:00:47 mha Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.100 2007/07/23 10:16:53 mha Exp $ --> <chapter id="client-authentication"> <title>Client Authentication</title> @@ -359,6 +359,17 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable> </varlistentry> <varlistentry> + <term><literal>sspi</></term> + <listitem> + <para> + Use SSPI to authenticate the user. This is only + available on Windows. See <xref + linkend="sspi-auth"> for details. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term><literal>krb5</></term> <listitem> <para> @@ -677,6 +688,33 @@ local db1,db2,@demodbs all md5 </sect2> + <sect2 id="sspi-auth"> + <title>SSPI authentication</title> + + <indexterm zone="sspi-auth"> + <primary>SSPI</primary> + </indexterm> + + <para> + <productname>SSPI</productname> is a <productname>Windows</productname> + technology for secure authentication with single sign-on. + <productname>PostgreSQL</productname> will use SSPI in + <literal>negotiate</literal> mode, which will use + <productname>Kerberos</productname> when possible and automatically + fall back to <productname>NTLM</productname> in other cases. + <productname>SSPI</productname> authentication only works when both + server and client are running <productname>Windows</productname>. + </para> + + <para> + When using <productname>Kerberos</productname> authentication, + <productname>SSPI</productname> works the same way + <productname>GSSAPI</productname> does. See <xref linkend="gssapi-auth"> + for details. + </para> + + </sect2> + <sect2 id="kerberos-auth"> <title>Kerberos authentication</title> diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index e1ee97ce182..117bc5f3509 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.238 2007/07/18 12:00:47 mha Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.239 2007/07/23 10:16:53 mha Exp $ --> <chapter id="libpq"> <title><application>libpq</application> - C Library</title> @@ -291,6 +291,17 @@ PGconn *PQconnectdb(const char *conninfo); </varlistentry> <varlistentry> + <term><literal>gsslib</literal></term> + <listitem> + <para> + GSS library to use for GSSAPI authentication. Only used on Windows. + Set to <literal>gssapi</literal> to force libpq to use the GSSAPI + library for authentication instead of the default SSPI. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term><literal>service</literal></term> <listitem> <para> @@ -4221,6 +4232,15 @@ authenticating with Kerberos 5 or GSSAPI. <listitem> <para> <indexterm> + <primary><envar>PGGSSLIB</envar></primary> +</indexterm> +<envar>PGGSSLIB</envar> sets the GSS library to use for GSSAPI +authentication. +</para> +</listitem> +<listitem> +<para> +<indexterm> <primary><envar>PGCONNECT_TIMEOUT</envar></primary> </indexterm> <envar>PGCONNECT_TIMEOUT</envar> sets the maximum number of seconds |