mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-12-21 08:29:39 +08:00
Add note cautioning that you can't use an encrypting IDENT server
with Postgres.
This commit is contained in:
parent
875b0c62fa
commit
a9fec25df8
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.71 2005/01/23 00:30:18 momjian Exp $
|
||||
$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.72 2005/01/28 22:38:37 tgl Exp $
|
||||
-->
|
||||
|
||||
<chapter id="client-authentication">
|
||||
@ -709,7 +709,7 @@ local db1,db2,@demodbs all md5
|
||||
|
||||
<para>
|
||||
The ident authentication method works by obtaining the client's
|
||||
operating system user name and determining the allowed database
|
||||
operating system user name, then determining the allowed database
|
||||
user names using a map file that lists the permitted
|
||||
corresponding pairs of names. The determination of the client's
|
||||
user name is the security-critical point, and it works differently
|
||||
@ -752,6 +752,15 @@ local db1,db2,@demodbs all md5
|
||||
</para>
|
||||
</blockquote>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Some ident servers have a nonstandard option that causes the returned
|
||||
user name to be encrypted, using a key that only the originating
|
||||
machine's administrator knows. This option <emphasis>must not</> be
|
||||
used when using the ident server with <productname>PostgreSQL</>,
|
||||
since <productname>PostgreSQL</> does not have any way to decrypt the
|
||||
returned string to determine the actual user name.
|
||||
</para>
|
||||
</sect3>
|
||||
|
||||
<sect3>
|
||||
|
Loading…
Reference in New Issue
Block a user