diff options
Diffstat (limited to 'src/backend')
| -rw-r--r-- | src/backend/libpq/auth.c | 4 | ||||
| -rw-r--r-- | src/backend/libpq/hba.c | 4 | ||||
| -rw-r--r-- | src/backend/libpq/pg_hba.conf.sample | 27 |
3 files changed, 19 insertions, 16 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 96bb8f0c572..78bff875ad1 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.67 2001/09/21 20:31:45 tgl Exp $ + * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.68 2001/09/26 19:54:12 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -520,7 +520,7 @@ ClientAuthentication(Port *port) break; case uaIdent: -#if !defined(SO_PEERCRED) && (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)) +#if !defined(SO_PEERCRED) && (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS))) /* * If we are doing ident on unix-domain sockets, * use SCM_CREDS only if it is defined and SO_PEERCRED isn't. diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c index 891fcb4317f..c674da678ba 100644 --- a/src/backend/libpq/hba.c +++ b/src/backend/libpq/hba.c @@ -10,7 +10,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.72 2001/09/21 20:31:46 tgl Exp $ + * $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.73 2001/09/26 19:54:12 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -904,7 +904,7 @@ ident_unix(int sock, char *ident_user) return true; -#elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED) +#elif defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)) struct msghdr msg; /* Credentials structure */ diff --git a/src/backend/libpq/pg_hba.conf.sample b/src/backend/libpq/pg_hba.conf.sample index 0aff0f43fcc..c61915bd31f 100644 --- a/src/backend/libpq/pg_hba.conf.sample +++ b/src/backend/libpq/pg_hba.conf.sample @@ -125,18 +125,21 @@ # not store encrypted passwords if you use this option. # # ident: For TCP/IP connections, authentication is done by contacting -# the ident server on the client host. (CAUTION: this is only -# as secure as the client machine!) On machines that support -# SO_PEERCRED or SCM_CREDS socket requests, this method also -# works for local Unix-domain connections. AUTH_ARGUMENT is -# required: it determines how to map remote user names to -# Postgres user names. The AUTH_ARGUMENT is a map name found -# in the $PGDATA/pg_ident.conf file. The connection is accepted -# if that file contains an entry for this map name with the -# ident-supplied username and the requested Postgres username. -# The special map name "sameuser" indicates an implied map -# (not in pg_ident.conf) that maps each ident username to the -# identical PostgreSQL username. +# the ident server on the client host. (CAUTION: this is +# only as secure as the client machine!) On machines that +# support unix-domain socket credentials (currently Linux, +# FreeBSD, NetBSD, and BSD/OS), this method also works for +# "local" connections. +# +# AUTH_ARGUMENT is required: it determines how to map +# remote user names to Postgres user names. The +# AUTH_ARGUMENT is a map name found in the +# $PGDATA/pg_ident.conf file. The connection is accepted +# if that file contains an entry for this map name with +# the ident-supplied username and the requested Postgres +# username. The special map name "sameuser" indicates an +# implied map (not in pg_ident.conf) that maps each ident +# username to the identical PostgreSQL username. # # krb4: Kerberos V4 authentication is used. Allowed only for # TCP/IP connections, not for local UNIX-domain sockets. |